Question/problem for internet networking doods
21 years 1 month ago #1577
by tfs
Replied by tfs on topic Re: Question/problem for internet networking doods
So was I. :lol:
If you can't laugh about viruses, you'd cry !!!
Thanks,
Tom
21 years 1 month ago #1580
by sahirh
Replied by sahirh on topic Re: Question/problem for internet networking doods
All these new macro viruses / worms are a piece of junk! Remember the old DOS days? Die Hard 2 took me something like 2 weeks to clean up completely, it just attached to every exe file!
And remember the good old TSR (Terminate and Stay Resident) virii? Those were painful! Hehe, boy I miss the old days.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
21 years 1 month ago #1581
by tfs
Replied by tfs on topic Re: Question/problem for internet networking doods
Yes, they just test your patience.
We were hit with Code Red, Code Red II, and Nimda - all in about a month. We never did clean them off completely. You just kind of slough it off after a while and say "Oh well, tomorrow is another day"!!! :roll:
Thanks,
Tom
21 years 1 month ago #1590
by sahirh
Replied by sahirh on topic Re: Question/problem for internet networking doods
Some people I know have seen so many Code Red / Nimda traffic packet dumps that they just look at the hex and they go 'oh there's some Nimda' lol..
For those who've never seen what a worm looks like when it's squiggling around:
[code:1]
0x0000: 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 45 00 ....:1..c.....E.
0x0010: 01 6B 14 D8 40 00 74 06 CB 4A 42 38 73 DB xx xx .k..@.t..JB8s..,
0x0020: xx xx 0A 48 00 50 D3 E1 DB 51 DF BA C7 95 50 18 .*.H.P...Q....P.
0x0030: FA F0 6E 66 00 00 47 45 54 20 2F 5F 76 74 69 5F ..nf..GET /_vti_
0x0040: 62 69 6E 2F 6F 77 73 73 76 72 2E 64 6C 6C 3F 55 bin/owssvr.dll?U
0x0050: 4C 3D 31 26 41 43 54 3D 34 26 42 55 49 4C 44 3D L=1&ACT=4&BUILD=
0x0060: 32 36 31 34 26 53 54 52 4D 56 45 52 3D 34 26 43 2614&STRMVER=4&C
0x0070: 41 50 52 45 51 3D 30 20 48 54 54 50 2F 31 2E 31 APREQ=0 HTTP/1.1
0x0080: 0D 0A 41 63 63 65 70 74 3A 20 2A 2F 2A 0D 0A 41 ..Accept: */*..A
0x0090: 63 63 65 70 74 2D 45 6E 63 6F 64 69 6E 67 3A 20 ccept-Encoding:
0x00A0: 67 7A 69 70 2C 20 64 65 66 6C 61 74 65 0D 0A 55 gzip, deflate..U
0x00B0: 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A 69 6C ser-Agent: Mozil
0x00C0: 6C 61 2F 34 2E 30 20 28 63 6F 6D 70 61 74 69 62 la/4.0 (compatib
0x00D0: 6C 65 3B 20 4D 53 49 45 20 36 2E 30 3B 20 57 69 le; MSIE 6.0; Wi
0x00E0: 6E 64 6F 77 73 20 4E 54 20 35 2E 31 3B 20 51 33 ndows NT 5.1; Q3
0x00F0: 31 32 34 36 31 29 0D 0A 48 6F 73 74 3A 20 77 77 12461)..Host: ww
[/code:1]
Hmm, I have the assembler code archived on CD somewhere... just 376 bytes of assembly code.. can you imagine?
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
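Reading the posted dump field by field, as an added example that is not part of the original post: the Python below parses its first nine rows exactly as they appear, treats `xx` as redacted bytes, and extracts the IPv4/TCP header fields and the HTTP request line. Ethernet II framing (14-byte link header) and the function names are assumptions of this example.

```python
import re

# First nine rows of the dump posted above; "xx" marks bytes the poster redacted.
DUMP = """\
0x0000: 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 45 00 ....:1..c.....E.
0x0010: 01 6B 14 D8 40 00 74 06 CB 4A 42 38 73 DB xx xx .k..@.t..JB8s..,
0x0020: xx xx 0A 48 00 50 D3 E1 DB 51 DF BA C7 95 50 18 .*.H.P...Q....P.
0x0030: FA F0 6E 66 00 00 47 45 54 20 2F 5F 76 74 69 5F ..nf..GET /_vti_
0x0040: 62 69 6E 2F 6F 77 73 73 76 72 2E 64 6C 6C 3F 55 bin/owssvr.dll?U
0x0050: 4C 3D 31 26 41 43 54 3D 34 26 42 55 49 4C 44 3D L=1&ACT=4&BUILD=
0x0060: 32 36 31 34 26 53 54 52 4D 56 45 52 3D 34 26 43 2614&STRMVER=4&C
0x0070: 41 50 52 45 51 3D 30 20 48 54 54 50 2F 31 2E 31 APREQ=0 HTTP/1.1
0x0080: 0D 0A 41 63 63 65 70 74 3A 20 2A 2F 2A 0D 0A 41 ..Accept: */*..A
"""

def parse_dump(text):
    """Return the frame as a list of ints, None for each redacted ("xx") byte."""
    frame = []
    for line in text.splitlines():
        m = re.match(r"0x([0-9A-Fa-f]{4}):\s+(.*)", line)
        if not m:
            continue
        if int(m.group(1), 16) != len(frame):
            raise ValueError("gap in dump at offset 0x" + m.group(1))
        # Assumes full 16-byte rows: the first 16 tokens are bytes, the rest is ASCII.
        for tok in m.group(2).split()[:16]:
            frame.append(None if tok.lower() == "xx" else int(tok, 16))
    return frame

def u16(frame, off):
    """Big-endian 16-bit field, or None if either byte was redacted."""
    hi, lo = frame[off], frame[off + 1]
    return None if hi is None or lo is None else (hi << 8) | lo

def decode(frame, eth_len=14):
    """Decode IPv4/TCP header fields and the HTTP request line (Ethernet II assumed)."""
    ip = eth_len
    if frame[ip] is None or frame[ip] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    tcp = ip + (frame[ip] & 0x0F) * 4            # IHL is in 32-bit words
    payload = tcp + (frame[tcp + 12] >> 4) * 4   # so is the TCP data offset
    data = bytes(0x3F if b is None else b for b in frame[payload:])
    return {
        "ip_total_len": u16(frame, ip + 2), "ttl": frame[ip + 8],
        "proto": frame[ip + 9], "src_port": u16(frame, tcp),
        "dst_port": u16(frame, tcp + 2), "tcp_flags": frame[tcp + 13],
        "request_line": data.split(b"\r\n", 1)[0].decode("ascii", "replace"),
    }
```

Calling `decode(parse_dump(DUMP))` shows a TCP segment to port 80 with PSH and ACK set (flags `0x18`), carrying the `GET /_vti_bin/owssvr.dll?...` request line visible in the ASCII gutter.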