Quote:
Originally Posted by Grytolle
Alright... Orbiyz claims that ThaSpaz is the crasher. That is very likely too. Anyways, here comes some evidence that should get one person banned:
Log from my server's uptime (about 3 minutes, just an estimate):
http://www.freewebs.com/grytolle/jaz...hackernoob.txt
2629 69.72.144.19:51534 192.168.0.100:10052 81 Recv
0000 01 0E 01 03 01 00 00 00 00 41 53 44 41 4F 53 46 .........ASDAOSF
0010 48 4F 49 53 41 46 48 4F 53 41 48 47 4F 4C 41 53 HOISAFHOSAHGOLAS
0020 47 46 48 42 50 53 41 4F 4E 41 53 4F 49 4A 53 4E GFHBPSAONASOIJSN
0030 47 50 4F 53 41 48 4E 4F 49 41 47 53 4F 49 48 53 GPOSAHNOIAGSOIHS
0040 46 4F 50 53 41 49 46 48 4F 49 50 53 41 46 48 53 FOPSAIFHOIPSAFHS
0050 41 A
This one sure looks malicious?
That is definitely the long name crash packet. Apparently whoever did this seems to be experimenting with long name crashes for the first time (he didn't get the packet length right, not that it matters anyway). Since people have filters for ASD, the user felt like making his own tool for the job that is not stopped by the WPE ASD filters. The long uppercase name is not random; the user must have written it by hand. This is only the first step in his experiment. Next time he'll come up with a program that randomizes a name each time an attack is performed. Bye bye to the idea of WPE long name string matching filters.
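The reply's point about string-matching filters can be checked against the logged packet. The following is an added example, not code from either poster: it compares a content match on "ASD" with a check on the length of the text field. The 20-byte threshold, the header/name split at offset 9 (read off the dump) and the `VARIANT` and `NORMAL` packets are assumptions constructed for illustration.

```python
import re

# Hex dump of the 81-byte packet, copied from the post above.
DUMP = """\
0000 01 0E 01 03 01 00 00 00 00 41 53 44 41 4F 53 46 .........ASDAOSF
0010 48 4F 49 53 41 46 48 4F 53 41 48 47 4F 4C 41 53 HOISAFHOSAHGOLAS
0020 47 46 48 42 50 53 41 4F 4E 41 53 4F 49 4A 53 4E GFHBPSAONASOIJSN
0030 47 50 4F 53 41 48 4E 4F 49 41 47 53 4F 49 48 53 GPOSAHNOIAGSOIHS
0040 46 4F 50 53 41 49 46 48 4F 49 50 53 41 46 48 53 FOPSAIFHOIPSAFHS
0050 41 A
"""
MAX_TEXT_RUN = 20  # assumed threshold for this example, not a value from the game

def parse_dump(text):
    """Rebuild raw bytes from 'offset, hex bytes, ASCII' dump lines."""
    out = bytearray()
    for line in text.splitlines():
        for tok in line.split()[1:17]:      # skip offset, at most 16 byte columns
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break                       # reached the ASCII column
            out.append(int(tok, 16))
    return bytes(out)

def longest_printable_run(payload):
    """Length of the longest run of printable ASCII bytes."""
    best = cur = 0
    for b in payload:
        cur = cur + 1 if 0x20 <= b < 0x7F else 0
        best = max(best, cur)
    return best

def substring_filter(payload, needle=b"ASD"):
    """Content match, like the WPE ASD filters mentioned in the thread."""
    return needle in payload

def length_filter(payload, limit=MAX_TEXT_RUN):
    """Structural match: flags any over-long text field, whatever it spells."""
    return longest_printable_run(payload) > limit

PACKET = parse_dump(DUMP)
HEADER, NAME = PACKET[:9], PACKET[9:]  # split read off the dump, not a protocol spec
# Constructed test inputs: same header with letters rotated by 7, and a short name.
VARIANT = HEADER + bytes((b - 0x41 + 7) % 26 + 0x41 for b in NAME)
NORMAL = HEADER + b"Grytolle"

if __name__ == "__main__":
    for label, pkt in (("logged", PACKET), ("variant", VARIANT), ("normal", NORMAL)):
        print(label, longest_printable_run(pkt), substring_filter(pkt), length_filter(pkt))
```

The content match only fires on the logged packet, while the length check flags both long-name packets and leaves the short name alone.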