[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [MISC] Lidt grineren



On Fri, Jul 20, 2001 at 12:10:52PM +0200, Mads Bondo Dydensborg wrote:
> Man skal ikke sparke til folk der ligger ned, men alligevel:
> http://www.wss.net/winupd.jpg
For dem der er til en populistisk gennemgang på dansk:

Det hvide hus under angreb af kinesere.

En gammel fejl i Microsofts Internet Information Server skaber kaos på
Internettet og levere ammunition til et DDoS angreb på det hvide hus.

Af Emil S. Hansen

En orm rette mod IIS er i dag begyndt at angribe det hvide hus' web-server.
Ormen har brugt de sidste par uger til at sprede sig til over 100.000
web-servere. Ormen benytter sig af en gammel sikkerheds fejl i ISS, først
hacker den web-serveren, og ligger en ny index side ind som indeholder et link
til http://www.worm.com og teksten "Hacked by Chinese", der efter starter den
100 nye orme som begynder at angribe tilfældige web-servere. Når det bliver den
20 i måneden begynder alle 100 orme at sende data af sted mod en af
www.whitehouse.orgs web-servere. En inficeret maskine sender 410 MB data af stedmod www.whitehouse.org hver fjerde time.

En fejl i ormens angrebs kode har gjort den let at opdage. Når ormen har
placeret den nye index side og begynder at angribe andre maskiner bliver
adresserne på de nye mål genereret tilfældigt, men en lille fejl i tilfældighedsgeneratoren har gjort at nogle mål vil blive angrebet af alle inficerede
maskiner. En anden mindre fejl i koden har været at IP adressen på
www.whitehouse.org er blevet lagt statisk ind i ormen, så alle orme sender
data af sted mod den samme IP (198.137.240.91). Men denne IP er blevet slette i
alle backbone routere så http://www.whitehouse.org vil stadigvæk være tilgængelig
på nettet.

Microsoft har en side der beskriver det hul som ormen udnytter. Der er også en 
patch samme sted.

eEye har analyseret og beskrevet ormen i detaljer.

[Bemærk der mangler links]

-- 
"I started developing this under a VLIW architecture, but began to find
the length of the instruction words prohibitive - I'd keep getting
distracted mid-word, and my coding efficiency suffered accordingly." -
AC on /.


 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 19:23 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *