
Thread: Very scary!

  1. #1
    Join Date
    Nov 2001
    Posts
    68

    Very scary!

    [url]http://www.s***estafix.com/cgi-bin/forum/ikon***rd.cgi?s=*c*f262f20edffff;act=ST;f=*6;t=57[/url]

    I wonder if an anon proxy would protect from that?
    Last edited by Nulland Void; 01-11-2002 at 01:25 PM.
    Openly covert.

  2. #2
    Join Date
    Jun 2001
    Posts
    398

    which is the site?

    Hi null,

    The URL is moderated in there by the moderator.
    Will an anon proxy save you?
    It should, if it is truly anonymous.

    I guess how the site disconnected his dial-up was a ping of death or similar attack. Finding a programme for that is not that difficult. It might however require a faster connection to flood a slower connection like a dial-up.
    Though running ZoneAlarm in there, I don't suppose he configured it probably either. There was something that dialed to that site.

    regards Data

  3. #3
    Join Date
    Nov 2001
    Posts
    68
    Hi DATA,

    Yes, I suspected something like that but...
    for the dial-up to get re-connected, it would have to be something over and above that.
    He was running ZA Pro, and you'd think it would have stopped a trojan.

    I just wonder if a JavaScript could do that? Stay resident and then re-connect.

    Also, you'll notice that he had some very dangerous settings enabled in his browser.

    They consider the site too dangerous to post the URL. However, they say they'll give it to you if you email them.




    Last edited by Nulland Void; 01-12-2002 at 11:15 AM.
    Openly covert.

  4. #4
    Join Date
    Jun 2001
    Posts
    398
    Hi,


    To the best of my knowledge JavaScript can't be memory resident on its own.

    Well, I am sorry for misleading you in the above post.


    A ping of death is different from a ping flood.

    A ping flood is sending multiple ping packets at a very fast rate.

    But a ping of death can even be caused by a single oversized ping packet, which would overflow the stack. A few such packets will be enough to crash a system. What I said,
    "it might however require a faster connection to flood a slower connection like a dial-up", is not true in the case of a ping of death programme.
    Maybe you should read this.
    There is source code of the programme; it just shows a single oversized packet.

    [url]www.insecure.org/sploits/ping-o-death.html[/url]

    You will also find code for spoofing IP for Linux.
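
Added example, not part of the original posts: a defender-side check for the oversized packet described in post #4, flagging any IPv4 fragment whose offset plus payload would reassemble past the 65535-byte datagram limit. The function names, addresses and sample headers are constructed for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest size the 16-bit IPv4 total-length field can describe


def build_header(total_len, frag_offset_units, more_fragments, proto=1):
    """Constructed sample data: a minimal 20-byte IPv4 header (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def reassembled_size(header):
    """Size the datagram would reach once this fragment is placed at its offset."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent header lengths")
    offset = (flags_frag & 0x1FFF) * 8      # fragment offset is counted in 8-byte units
    payload = total_len - ihl               # data bytes carried by this fragment
    return ihl + offset + payload


def is_oversized_fragment(header):
    """True when reassembly would exceed the maximum legal IPv4 datagram size."""
    return reassembled_size(header) > MAX_IP_DATAGRAM


if __name__ == "__main__":
    samples = {
        "ordinary middle fragment": build_header(1500, 185, True),
        "last fragment exactly at the limit": build_header(735, 8100, False),
        "last fragment past the limit": build_header(1500, 8189, False),
    }
    for label, hdr in samples.items():
        print(f"{label}: size={reassembled_size(hdr)} oversized={is_oversized_fragment(hdr)}")
```

A firewall or IDS applies the same arithmetic per fragment, so the oversized datagram can be dropped before any host tries to reassemble it.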

  5. #5
    Join Date
    Jun 2001
    Posts
    398

    ping behind zonealarm?

    Hi,


    I don't use ZoneAlarm.

    Will you please see if you can ping yourself after activating ZoneAlarm?


    Just ping *27.0.0.*


    Does ZoneAlarm disallow it?


    What do you get as the reply?

    Does it respond?


    Thank you

    regards Data.

    regards Data.

  6. #6
    Join Date
    Nov 2001
    Posts
    68
    That's a good idea!

    Let's hope someone else will pick up on this thread and try it, 'coz I trashed ZA after installing Tiny, so I can't.

    I know a JavaScript doesn't stay in RAM after shutdown, but his box didn't shut down, he just got disconnected. So maybe a script did stick around long enough to re-initiate a connection.

    If I recall, I think there was also a mention of a non-visible popup. If a JavaScript for such a popup contained a "document.write" powered re***** meta tag, then maybe... ?
    You can do a lot of stuff with good ol' JS.
    I have my Dial up settings to "Never dial a connection", as well as "Do not allow internet programs to use this connection". So I always connect manually.

    Also, I'm not sure that it was a ping flood or a ping of death because his computer didn't freeze or crash.

    I still favor the theory that it may have something to do with his very unsafe browser's settings.

    Nevertheless, it's the first time I ever heard of such a thing happening.
    Last edited by Nulland Void; 01-13-2002 at 09:27 AM.
    Openly covert.
