|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
ATD OpenSSL Mass Exploiter Analysis (another "/sumthin" scan tool)
From: Joe Stewart (jstewart
lurhq.com)
Date: Mon Apr 07 2003 - 16:54:54 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
There have been several posts over the past few months inquiring about http
requests with the fingerprint "GET /sumthin HTTP/1.0". One poster found source
code and posted it here:
http://www.securityfocus.com/archive/75/313283/2003-02-23/2003-03-01/2
I have however come across a completely different tool that uses the same
GET request. It may be a second version of the tool, but the package has
some interesting properties, perhaps even a surprise for the script kiddies
who are using it. It comes packaged as a set of binaries, so I have
disassembled it and have posted an analysis here:
http://www.lurhq.com/atd.htm
-Joe
--
Joe Stewart, GCIH
Senior Intrusion Analyst
LURHQ Corporation
http://www.lurhq.com/
<b>
----------------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-incidents2
Download your free fully functional
trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
----------------------------------------------------------------------------
</b>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]