Vulnerability Development mailing list archives
BackOrifice == DDoS Server???
From: webmaster () TECHNOGENICS COM (GJones)
Date: Wed, 28 Jun 2000 11:37:33 -0400
2 years ago when Back Orifice made its debut, I've noticed the command "PROCSPAWN". (Unix Back Orifice Source Code available at www.rootshell.com.) With this, we could execute: "C:\WINNT\system32\ping.exe -t -l 65000 some.computer.com" For NT or "C:\windows\ping.exe -t -l 65000 some.computer.com" For Win95/98 Lets say we had a list of 3000 systems with the Back Orifice server running, and we sent the encrypted(XOR - http://xforce.iss.net/alerts/advise5.php) UDP packets to all 3000 systems in the list... to spawn the process: "C:\windows\ping.exe -t -l 65000 some.computer.com" The result would be a large icmp echo_request storm to the specified IP address. (Similar to smurf) 4000 represents ping buffer size. 3000 represents the amount of hosts in the listfile (List with infected systems.) 12,000,000=(3000*4000) So this means we could have 12mbs coming into our pipe. Im not too sure if many people knew about this, but it's here for those who didn't know, and to expose that programs written for another use could be abused for something of its original intent. Gary H. Jones II - Development & Network Security www.Technogenics.com Technogenics LTD - Building The Future - Today.
Current thread:
- BackOrifice == DDoS Server??? GJones (Jun 28)
- Re: BackOrifice == DDoS Server??? John Swensson (Jun 29)
- Re: BackOrifice == DDoS Server??? Masial (Jun 29)
- Re: BackOrifice == DDoS Server??? Bluefish (Jun 29)
- <Possible follow-ups>
- Re: BackOrifice == DDoS Server??? Maxime Rousseau (Jun 29)
- Re: BackOrifice == DDoS Server??? John Swensson (Jun 29)