[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] mydoom.c information

To: John Sage <jsage@xxxxxxxxxxxxxx>, morning_wood <se_cur_ity@xxxxxxxxxxx>
Subject: Re: [Full-Disclosure] mydoom.c information
From: Gyrniff <root@xxxxx>
Date: Sun, 7 Mar 2004 22:16:30 +0100

As I recall the -L option (persistent listener) only works on the windows 
port. 

On Sunday 07 March 2004 20:44, John Sage wrote:
> Now I'm confused...
>
> On Sun, Mar 07, 2004 at 09:43:03AM -0800, morning_wood wrote:
> > From: "morning_wood" <se_cur_ity@xxxxxxxxxxx>
> > To: <full-disclosure@xxxxxxxxxxxxxxxx>
> > Subject: [Full-Disclosure] mydoom.c information
> > Date: Sun, 7 Mar 2004 09:43:03 -0800
> >
> > > > bascially looking for sync-src-1.00.tbz.  That message was
> > > > posted to this
> > >
> > > avail on infected hosts
> > >
> > > > This is how I came to be in possession of it:
> > > >
> > > > nc -l -p 3127 > doomjuice.dump
> > > >
> > > >  You will probably want to write a loop to restart netcat
> > > > because it exits after a successful transfer.
> >
> >  nc -L -p 3127 > out.txt note: " -L " will not exit your netcat, as
> >  it is for a persistant listener.
>
> /* snip */
>
>
> [jsage@sparky /storage/virii] $ nc -h
> GNU netcat 0.7.1, a rewrite of the famous networking tool.
> Basic usages:
> connect to somewhere:  nc [options] hostname port [port] ...
> listen for inbound:    nc -l -p port [options] [hostname] [port] ...
> tunnel to somewhere:   nc -L hostname:port -p port [options]
>
> Mandatory arguments to long options are mandatory for short options too.
> Options:
>   -c, --close                close connection on EOF from stdin
>   -e, --exec=PROGRAM         program to exec after connect
>   -g, --gateway=LIST         source-routing hop point[s], up to 8
>   -G, --pointer=NUM          source-routing pointer: 4, 8, 12, ...
>   -h, --help                 display this help and exit
>   -i, --interval=SECS        delay interval for lines sent, ports scanned
>   -l, --listen               listen mode, for inbound connects
>   -L, --tunnel=ADDRESS:PORT  forward local port to remote address
>
> /* snip */
>
>
> Does persistent listener == tunnel?
>
>
> - John

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] mydoom.c information
  - From: Chris Eagle

References:
- [Full-Disclosure] mydoom.c information
  - From: morning_wood
- Re: [Full-Disclosure] mydoom.c information
  - From: John Sage

Prev by Date: Re: [Full-Disclosure] mydoom.c information
Next by Date: Re: [Full-Disclosure] mydoom.c information
Previous by thread: Re: [Full-Disclosure] mydoom.c information
Next by thread: RE: [Full-Disclosure] mydoom.c information
Index(es):
- Date
- Thread