[olug] luser trickery

Andrew andrew at einer.org
Fri May 17 22:57:57 UTC 2002


http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp 


The above link does a much better job of explaining the actual 'exploit' 
used here than I did in my previous e-mail.  The true exploit in this 
case (I believe) isn't the iFrame vulnerability, but the way it was 
used.  As to what's running on port 666... well...  It's not a 
'standard' port (i.e., it's not listed in /etc/services).  So what could 
it be?

A short list of exploits known to run on port 666:

Attack FTP, Back Construction, Cain & Abel, NokNok, Satans Back Door - 
SBD, ServU, Shadow Phyre

You can google for more I'm sure, but this list was from 
http://www.sans.org/newlook/resources/IDFAQ/oddports.htm

SANS is a fairly reliable source.  ;)

Andrew

Mark Martin wrote:

>Okay, Brian.  For those of us who were naive enough to trust you and followed 
>your link believing that you wouldn't risk damaging our systems and were 
>providing a link to a description of an exploit that we should avoid rather 
>than enticing us into compromising our systems with a cryptic "warning", 
>would you please explain what the (insert favorite expletive here) you have 
>done to our systems?  Galeon showed an almost completely blank page but I 
>found an uninvited server listening on the doom port (666) thereafter, which 
>I am guessing came from your exploit.  Do those of us who trusted you have to 
>waste more of our lives cleaning up after your joke?  Maybe the first 
>security lesson to learn from your message is not to trust you.
>
>Also, I'm guessing that "luser" is really "loser".  Ha, Ha.  I'm a loser.  
>Now, can you please tell us slower students what you did so we can stop 
>wasting our time and stop worrying about what nefarious code is covertly 
>running on our boxes?
>
>Mark
>
>  
>
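
An added example, not part of either message above: one way to triage an uninvited listener like the one Mark found on port 666 is to list the listening TCP sockets, check each port against /etc/services, and trace the socket inode back to its owning process. It assumes the Linux /proc/net/tcp layout; the sample data is constructed and the function names are hypothetical.

```python
import glob
import os

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp
# Constructed samples for illustration; on a live host read /proc/net/tcp
# and /etc/services instead.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 00000000:029A 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4410 1
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1307 1
   3: 0F00000A:8C3E 0A00000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 5120 1
"""
SAMPLE_SERVICES = """\
ssh     22/tcp
smtp    25/tcp      mail   # aliases and comments are ignored
"""

def service_names(services_text):
    """Map TCP port -> service name from /etc/services-format text."""
    names = {}
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].endswith("/tcp"):
            names.setdefault(int(fields[1].split("/")[0]), fields[0])
    return names

def listeners(proc_net_tcp_text, services_text):
    """Return (port, service name or None, uid, inode) per listening socket."""
    names = service_names(services_text)
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 10 and f[3] == LISTEN:
            port = int(f[1].rsplit(":", 1)[1], 16)  # port is hex after the colon
            found.append((port, names.get(port), int(f[7]), int(f[9])))
    return sorted(found)

def pids_for_inode(inode):
    """Find PIDs holding the socket inode (root is needed to see other users' processes)."""
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                pids.add(int(fd.split("/")[2]))
        except OSError:
            continue  # process exited or fd closed while scanning
    return sorted(pids)
```

A name in /etc/services is only a label for the port number, so the owning process found through the inode is what settles the question. IPv6 listeners appear in /proc/net/tcp6 in the same column layout with longer addresses.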



