Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_4

Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: Internet Wide DOS Attack using IRC

Re: Internet Wide DOS Attack using IRC

Bencsath Boldizsar (boldiBUDAPEST.HU)
Sat, 3 Oct 1998 00:40:39 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: [deicide]: "Re: Internet Wide DOS Attack using IRC"
Previous message: Kameron Gasso: "Re: Internet Wide DOS Attack using IRC"
In reply to: dbarba: "Internet Wide DOS Attack using IRC"
Next in thread: Paralyse: "Re: Internet Wide DOS Attack using IRC"

Hi!

So, we can declare, that this should be a BACK ORIFICE attack, which is
often distributed on ICQ & IRC as a game, or something like that.
BO has several feautres, like plugins, which can be used to notify the
"owner,distributor" of the "BO server" about the new ip number of the
server.
If the distributor is using defaults, e.g. no password set, and port 31337
is used, then the unix client can be used to inform the user by a system
dialogbox about the attack, but - it is funny- most people think it's a
joke, that his machine is open, or they think, if they get this message,
that someone tries to attack their computer by this fake news..

Anyway, it's true, there is a (or more?) bo "remover" tool, which doesn't
removes bo, just puts on another port..

So with the default install, it is also possible to get out the users'
email from their registry file, like Blizzard did it some times ago, and
then write some serious email about the removal of this tool.

But, it's not easy to do this, if a password is set on the client. And the
distribution is another problem: If someone will put BO in some install
packages of true softwares, which can be distributed by anything, CD in a
magazine, or by the internet - this will infect many many computers. And
even virus scanners are not used by everyone.

And this is the point when Microsoft made serious mistakes. Write software
for everybody, which is so easy to manage, that you don't need anybody's
help, and so you don't need to know anything about your computer? The the
dialup resellers: They don't say You: Hey, You are in some kind of risk,
if you are connected.
So, many many people don't want to know anything about their computer, and
this is a big trap.

And if we found solutions for BO, anything like disabling in routers, ...,
there is still chance, that anybody else can write programs like that.
Smarter ones.

All I can say , that it's far more important to let the people know about
this kind of attack, than it was by the first virii of the pc.
Imagine a big company with a bad intranet, and a silly secretary who gets
this file, and some secrets of the company is landing at the other
company's side..


--------------------------------
Bencsath Boldizsar
boldiinf.bme.hu boldirulez.org
http://www.inf.bme.hu/~boldi
--------------------------------

Next message: [deicide]: "Re: Internet Wide DOS Attack using IRC"
Previous message: Kameron Gasso: "Re: Internet Wide DOS Attack using IRC"
In reply to: dbarba: "Internet Wide DOS Attack using IRC"
Next in thread: Paralyse: "Re: Internet Wide DOS Attack using IRC"