Vulnerability Development mailing list archives
Re: BackOrifice == DDoS Server???
From: xm () GEEKMAFIA DYNIP COM (Ex Machina)
Date: Fri, 30 Jun 2000 10:39:19 -0400
Didn't bo2k implement an IDEA crypto module? I thought the lame crypto packages were only included due to US export restrictions at the time of the release.

Also, since a lot of the raw packet shaping tools from places like packetfactory.net have been ported to win32, it would be simple to use bo2k as a real spoofed dos tool.

Ex Machina (xm () geekmafia dynip com)
http://geekmafia.dynip.com/~xm/
phone: 1-877-LPT-WHIP
icq: 3387005
aim: ExMachina
GnuPG Keyprint: 0627 C3A8 DE25 F7FB 46BD 4870 2006 CF7F EBDA 949D

On Thu, 29 Jun 2000, Bluefish wrote:
Date: Thu, 29 Jun 2000 19:04:00 +0200
From: Bluefish <11a () GMX NET>
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: BackOrifice == DDoS Server???

2 years ago when Back Orifice made its debut, I've noticed the command "PROCSPAWN". (Unix Back Orifice Source Code available at www.rootshell.com.)

Additionally, remember that it is possible to code plugins for BO. It could be made into an even more dangerous attack. The big question though, is if BO is more easily used (= more scriptkidz using it) or more stealthed (higher % of the users installing it without understanding it) than other available DDoS tools. Otherwise this is simply yet another tool.

I'm not too sure if many people knew about this, but it's here for those who didn't know, and to expose that programs written for another use could be abused for something of its original intent.

BO is written to serve dual purposes (to be used and abused). That, added to its bad security (two of the cryptographic plugins were broken due to flawed MD5 implementation, and because it was written to serve dual purposes, no one has bothered to analyse the security of it) suggests that it now only is useful for abuse.....

Given how weak the original cryptographic modules were (same key always - MD5 gave a static response) it would seem the authors didn't bother to investigate the security of it very much.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team