From owner-freebsd-security  Sun Oct 10 20: 6:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP id 29CD814A08
	for <freebsd-security@FreeBSD.ORG>; Sun, 10 Oct 1999 20:06:48 -0700 (PDT)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (2174 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m11aVgi-000CC0C@bsdie.rwsystems.net>
	for <freebsd-security@FreeBSD.ORG>; Sun, 10 Oct 1999 21:59:48 -0500 (CDT)
	(Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Sun, 10 Oct 1999 21:59:48 -0500 (CDT)
From: James Wyatt <jwyatt@rwsystems.net>
To: Brooks Davis <brooks@one-eyed-alien.net>
Cc: "Nicole H." <nicole@unixgirl.com>, freebsd-security@FreeBSD.ORG
Subject: Re: scanning of port 12345
In-Reply-To: <Pine.GSO.4.10.9910101804350.16508-100000@orion.ac.hmc.edu>
Message-ID: <Pine.BSF.4.10.9910102134290.71027-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

By themselves, yes. Step one is to send it in a Trojan or installit during
an open cmd/shell session after an overflow attack. I *know* what the tool
is and think it is a *cool* tool. I also love vnc and BO for remote admin
tools. As I parethesized (new word?), it is usable both ways. The main
differences are in intent and whether the machine owner knows it's used...

Some more differences bteween SMS and BO2K are reliability and disk space
consumed... I like these as admin tools too, but small, efficient, quiet
tools get added to crack scripts first. - Jy@

On Sun, 10 Oct 1999, Brooks Davis wrote:
> On Sun, 10 Oct 1999, James Wyatt wrote:
> > Shareware hacking tool, what a concept if you think about it... (Yeah, can
> > be used for good too, but most...)
> > 
> > If you get into someone's machine with it, you have to send the password
> > to the authors? A copy of the user's quicken files? You sign their name to
> > the crack? My mind is reeling, but that ain't hard nowadays... Jy@
> 
> Neither Netbus or BackOriface provide any machanisms for attacking a
> machine.  Netbus is sold just like any other remote monitoring and admin
> tool including several that cost thousands of dollars.  CDC (the authors
> of BO) have a webpage pointing out that there is almost no difference
> between their product that the Microsoft System Management Server.  It's
> at http://www.cultdeadcow.com/news/pr19990719.html.  Basicaly the
> fundimental difference is that BO2K is free and SMS is really expensive.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message