|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Another overflow exploit for Apache?
From: Timmothy Posey (timmothy.posey
outdoordecor.com)
Date: Thu Jul 03 2003 - 12:18:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
---------------Quote------------------------
Bombing %s, port %d
Unknown host: %s
Syntax: ./hell host port
Port can be any port, any of them work equally well
FUCKER!!!!
su-2.02#
--------------------------------------------
This, if my memory serves correct, is a packeter once called
"modembomber", circa 1996. Quite old (and quite powerful), and I didn't
think it'll still be in use (Google it for source code). Check your
logs to see if massive outgoing traffic from your server. Perhaps a few
minutes before the attacker logged into your server to execute that
bomber. There used to be an addon script to mIRC where it would
automatically login to a server and execute it to attack IRC users.
Many script kiddies were caught this way since their IP was logged right
before the packeting started.
As for how they got in, don't know. Have you chrootkit'd? Hopefully
this isn't a pre-text to Sunday's olympiads...
~~
Timmothy C. Posey
Information System Engineer
OutdoorDecor.com
http://www.outdoordecor.com
timmothy.poseyoutdoordecor.com
205.345.1103 ext. 106
----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]