Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 21 Dec 1998 21:09:24 +0500 (KGT)
From:      CyberPsychotic <mlists@gizmo.kyrnet.kg>
To:        Alejandro Galindo Chairez AGALINDO <agalindo@servidor.exsocom.com.mx>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: udp security
Message-ID:  <Pine.LNX.4.05.9812212103280.417-101000@gizmo.kyrnet.kg>
In-Reply-To: <Pine.BSF.3.96.981220122653.3122B-100000@servidor.exsocom.com.mx>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
You may want to install this piece, and make it listen the ports which
hackers try to attack. It will save these packs for latter analysis, so
we could see what acrtually they are trying to do. My idea is that they
probably got into via named, but well. Lets' see.. (I did this piece for
kicking Win* Bo scanner dudes, the piece is not quiute secure probably,
maybe vulneriable to DoS attacks, if you'd use a command (so don't)). But
having those packets saved would help you to figure out what actually they
try to do.. maybe they have implememented some kind of backdoor working
over UDP. (well :) I did one myself, when played with a friend of mine, so
:))

--
fygrave@tigerteam.net		http://www.kalug.lug.net

[-- Attachment #2 --]
nv6[{WHϿҧ8D
6ᑦ;&	#K%[,yUw߽UeCș=̎+Un*r,^{
67{bscӴfWvH%REUB<
nG{%іu/eF|2;݂Ng_[o';o_k|znڋ <dt`/LǓ^3imTŬm٩դx>=EҍNj ֳh+BOw}=BMV>Bc}عXz$=iW2u#qƙLEƙI /_eY/]7R-Cp$Lf,3
"wB/<~ύƉllƗJdI^-u/W?
$O+D&U䚶}D<:JDaERLCI–N3bj%6ɱHzޥ̔
EƈJ&Rx8bHbX6-Jl,S)\dIlPjq	8E$3OhP ȼO6w3C)^8RفGR*8l}zF⚑Py,Hjx4&L?TqrʶJ9@CM;'SB,Vp^k*L#i$i0
|Wq3ጓLm]`[1qf:')OB0ZIes %0zEh8FI>M79YFn!0՘@1M3Vl~+E&0Ԝu]6f!$Aa7N^a2DedR2
45
(B90YL0j#Y$Ϛөn[8ro|c4!権5JIl~p+ B+-$kS׬8`GCtd=%@\ /1})_E`p1jm{<qYY
ӽkR:Lu¿J!`Fjaͤuҭ{nxuNnvZ[sk?
ar%:7ٖVVY1^l,#V>Nb3i*46	FJ&h|bmwIm{loE/]A`,bR$aVJnz+
j_a|R@JHRx)m6>gHjXTz!	bS<`\AhG0gT]HuT+8z͆!uB`~n̏e4UM6׵'#/	/O@X׊}m}zﴏG-ʮD+ ~frdrEPtcS!qq<xC4tC=I&C48)>)9
Yfa
-mpnFJkZ<W8d$@0R/RNHM-̥-,g*E]DžXbgچwM`RH1ִaJ@,[yCCf[<NąйF 9
DIԬvv;
>T1ĤP;(hM!3Х*e&VW+*H_R&	+}tӑ:?6[w;[Ϛ&~X&is!!!kڳ,r߂Lړikxz'RO\hed<V[Y}-EN],uCHm}	iA:V)!YW²0]"ie
6 ǯKUgdhH0TpY8oߝgfҚ`qBxнM:$7;},L2p#	؜J d1*$K8`r)ڹY?4"'N(fA+ )ZkP'.Рӡ'>|hV~ғ24$G'gMgEB1eKWԣ<B^*bKD*)-{-) cdJ
Ē$dߡQE-{|%7
{'Q'g0ig]9<H[N
Jf&{wp7,~R.<|m(
}T뫕ɚmBOHG1֖m!@GrqʚM*7Gmd4`;^+ƒ{#bm]lLRd+y0WIsJ^xDHlgV9(
9+
pPpz@p()q-;" 64m8f鋧Fjv큀SqOB{9?w¢T/R^'̧L{O<[pQCI" 'j'\5Ehѹ`hm!XM9mm'n;a#4\a||n~hCHG.Y@נtUa>oCrOO&\P^cË2LƐ1k0@]z_3xa`$Ţ %$fVZ|JֈXqgnʵ2&7UsVz:xbc5Iw>.&P$Ue"&#I,a֥3V';Y֖L:CxXjDg(MrhD^:-<+~V@>~'4T*|to;9>.hwg5O*XEqyx[γT0$כN%wVOU*jwb(Wc^;Z@hl_5NW>~hjD2ߓԩi~e`1R|2MgNRU+󥉬"p'at;0/$C2ۇY}AAH~Od7m8C "űis;%FW%WmC.pf.I"Bg#0r`p5&Oj,xE88qFAx)ϰDВ҆\sNjrIIur^T+@>6j[k+T)(5u	/2-̈́$M9Ma2VۍgQ5X!džEjp)0V	2SB7=?<Y1鷢gpͩ9/Zs)nr*Fr@zh덥13BZ	
q,"|ԋO T2s5
,v>io0ci*5bSՇeI!4p)#.,qeY0-uX͏64VlE/TeQuSH1i0Ec)T=UM}ZG|`~_<&ۂjUψtZ[Ǖxe4< n_NtlhōPJYe47Et9?`]O]f!LLƯGdMZ8clǃ3З/5utqͤ?v7.}`Rɬ&dHv卧MUY]WMjQͰ=|7EYCzem.h(4{[;ٺ3:_@)8/V7[/ϗ_ٹzr}Ƕ8
F2uLK\5
?}m
ӎ_>z.e݈W
@N\Z}zF|t쟛I
zsfI`(i{R^Ҕxo/`u} "B;~BNhV`==RwpLA~Y`WFv$!޾(\PE}V( )KY_BfK6̉$,a̪_j!Ds1s><ҠIn"D1.o4T2"c_{oZ"Z5Z<6߬o~Q__ow{K=}t2_{u:MujU
#RexV/iFc'g|x!}weauD
UnjPqkh(5J*WƽapŤ"[c5E@4Vzu}BC)I;(Cn.GjIQO-NN$B&>Z.1Čo2e7Ԩ65M}'zpg]OpnMS2,ă?~hV0̗ 
BݣD8H?t3rZR:߉)/̆ [\R	ƸUOf:C99L7\ӃyLZ!Ƈb[7c]ڄ.>Y
Z/DԨh<A/>H-~ //f:^IbP:|?`W]fe]\WYZa(j`)8X=8fbRX骠ĴZT$tsrKN׬v_#.WyaXzO(0Slu?z/۲-۲-۲-۲-۲-۲-۲-۲-۲-ۿq;D8P

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.05.9812212103280.417-101000>