Vulnerability Development mailing list archives

BackOrifice == DDoS Server???


From: webmaster () TECHNOGENICS COM (GJones)
Date: Wed, 28 Jun 2000 11:37:33 -0400


Two years ago, when Back Orifice made its debut, I noticed the command
"PROCSPAWN".
(Unix Back Orifice Source Code available at www.rootshell.com.)

With this, we could execute:

"C:\WINNT\system32\ping.exe -t -l 65000 some.computer.com"  For NT
                                or
"C:\windows\ping.exe -t -l 65000 some.computer.com"   For Win95/98

Let's say we had a list of 3000 systems with the Back Orifice server
running, and we sent the encrypted (XOR, see
http://xforce.iss.net/alerts/advise5.php) UDP packets to all 3000
systems in the list... to spawn the process:

"C:\windows\ping.exe -t -l 65000 some.computer.com"

The result would be a large ICMP echo_request storm to the specified IP
address. (Similar to smurf.)

4000 represents the ping buffer size.
3000 represents the number of hosts in the list file (the list of infected
systems).

12,000,000 = (3000 * 4000)
So this means we could have 12mbs coming into our pipe.

I'm not too sure if many people knew about this, but it's here for those
who didn't know, and to expose that programs written for one use
could be abused for something other than their original intent.

Gary H. Jones II   -   Development & Network Security

www.Technogenics.com
Technogenics LTD - Building The Future - Today.
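The scenario above, seen from the receiving end, as an added example that is not part of the original post or of Back Orifice itself. The script estimates the aggregate echo-request rate from the post's parameters (hosts, ping payload, and an assumed one echo per second per host, which is what Windows ping -t sends; IP/ICMP header overhead and fragmentation of a 65000-byte payload are ignored), and then runs a simple flood detector over constructed ICMP flow records: many distinct sources, high byte rate, one destination. The record format, thresholds and addresses are all assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

ECHO_REQUEST = 8  # ICMP type 8


@dataclass(frozen=True)
class IcmpRecord:
    """One ICMP packet as a flow-style record (constructed format for this example)."""
    ts: float        # seconds
    src: str
    dst: str
    icmp_type: int
    length: int      # bytes on the wire


def estimate_mbps(hosts, payload_bytes, pings_per_second=1.0):
    """Aggregate echo-request rate in Mbit/s: hosts * bytes * 8 * pps / 1e6.

    Assumes every host sends the full payload pings_per_second times per
    second and ignores header overhead and fragmentation.
    """
    return hosts * payload_bytes * 8 * pings_per_second / 1_000_000


def summarize_targets(records):
    """Per destination: distinct echo-request sources, packet and byte totals, time span."""
    stats = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0,
                                 "first": None, "last": None})
    for r in records:
        if r.icmp_type != ECHO_REQUEST:
            continue
        s = stats[r.dst]
        s["sources"].add(r.src)
        s["packets"] += 1
        s["bytes"] += r.length
        s["first"] = r.ts if s["first"] is None else min(s["first"], r.ts)
        s["last"] = r.ts if s["last"] is None else max(s["last"], r.ts)
    return stats


def flag_floods(records, min_sources=20, min_mbps=0.1):
    """Return (dst, source_count, mbps) for destinations that look like a
    distributed echo-request flood: many sources AND a high byte rate.
    A single noisy pinger or many sources sending little traffic are not flagged.
    """
    flagged = []
    for dst, s in summarize_targets(records).items():
        span = max(s["last"] - s["first"], 1.0)  # avoid divide-by-zero on one packet
        mbps = s["bytes"] * 8 / span / 1_000_000
        if len(s["sources"]) >= min_sources and mbps >= min_mbps:
            flagged.append((dst, len(s["sources"]), mbps))
    return sorted(flagged, key=lambda row: row[2], reverse=True)


def build_sample_records():
    """Constructed traffic: one benign host pinging, plus 50 compromised hosts
    each sending one 1500-byte echo request per second for 10 seconds at
    203.0.113.5 (documentation addresses, not real hosts)."""
    recs = []
    for i in range(5):
        recs.append(IcmpRecord(1000.0 + i, "192.0.2.10", "198.51.100.7", ECHO_REQUEST, 74))
    for h in range(50):
        src = f"10.0.{h // 250}.{h % 250 + 1}"
        for t in range(10):
            recs.append(IcmpRecord(1000.0 + t, src, "203.0.113.5", ECHO_REQUEST, 1500))
    return recs


if __name__ == "__main__":
    print("3000 hosts, 4000-byte payload, 1 ping/s: %.1f Mbit/s" % estimate_mbps(3000, 4000))
    print("3000 hosts, 65000-byte payload, 1 ping/s: %.1f Mbit/s" % estimate_mbps(3000, 65000))
    for dst, n, mbps in flag_floods(build_sample_records()):
        print(f"flood suspected toward {dst}: {n} sources, {mbps:.3f} Mbit/s")
```

Tune `min_sources` and `min_mbps` to the link being watched; the point of requiring both is that a distributed ping flood is distinguished from ordinary monitoring by the source count, and from a handful of chatty hosts by the byte rate.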

