PDA

View Full Version : Very scary!



Nulland Void
01-11-2002, 01:20 PM
http://www.s***estafix.com/cgi-bin/forum/ikon***rd.cgi?s=*c*f262f20edffff;act=ST;f=*6;t=57

I wonder if an anon proxy would protect from that?

DATA
01-12-2002, 04:51 AM
hi null,

the url is moderated in there by the moderator.
will anon proxy save u?
it should,if it is truly anonymous.

i guess how the site disconnected his dial up was a ping of death or similar attack.finding a programme for that is not that difficult.it might how ever require a faster connection to flood a slower connection like a dial up.
Though running zone alarm in there,i dont suppose he configured it probably either.there was some thing tht dialed to that site.

regards Data

Nulland Void
01-12-2002, 11:05 AM
Hi DATA,

Yes, I suspected something like that but...
for the dial-up to get re-connected, it would have to be something over and above that.
He was running ZA Pro, and you'd think it would have stopped a trojan.

I just wonder if a JavaScript could do that? Stay resident and then re-connect.

Also, you'll notice that he had some very dangerous settings enabled in his browser.

They consider the site too dangerous to post the URL. However, they say they'll give it to you if you email them.

DATA
01-13-2002, 12:23 AM
HI,


to the best of my knowledge java script cant be memory resident on its own.

well,i am sorry in misleading u in the above post.


A ping of death is different frm a ping flood.

ping flood be sending multiple ping packets at a very fast rate.

but a ping of death can be even caused by a single over sized ping packet,which would over flow the stack.a few such packets will be enough to crash a system.what i said
"it might how ever require a faster connection to flood a slower connection like a dial up" is not true in case of a ping of death programme.
may be u should read this.
there is a source code of the programm,it just shows a single over sized packet.

www.insecure.org/sploits/ping-o-death.html

u will also find code for spoofing ip for linux.

DATA
01-13-2002, 12:55 AM
hi,


i dont use zone alarm.

will u plz see if u can ping urself after activaing zonealarm


just ping *27.0.0.*


does zone alarm disallow it?


what do u get the reply as?

does it respond?


thank u

regards Data.

Nulland Void
01-13-2002, 09:22 AM
That's a good idea!

Let's hope someone else will pick up on this thread and try it, 'coz I trashed ZA after installing Tiny, so I can't.

I know a Javascript doesn't stay in ram after shutdown, but his box didn't shutdown, he just got disconnected. So maybe a script did stick around long enough to re-initiate a connection.

If I recall, I think there was also a mention of a non-visible popup. If a JavaScript for such a popup contained a "document.write" powered re***** meta tag, then maybe... ?
You can do a lot of stuff with good ol' JS.
I have my Dial up settings to "Never dial a connection", as well as "Do not allow internet programs to use this connection". So I always connect manually.

Also, I'm not sure that it was a ping flood or a ping of death because his computer didn't freeze or crash.

I still favor the theory that it may have something to do with his very unsafe browser's settings.

Nevertheless, it's the first time I ever heard of such a thing happening.