|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical worm design (Re: Level3 routing issues?)
MS> Date: Sat, 25 Jan 2003 10:17:01 -0800 (PST) MS> From: Marc Slemko MS> It is interesting to note that one inadvertent advantage of open MS> source (when it requires people to compile from source, and pick MS> and choose options at compile time... popular distributions with MS> precompiled packages obviously break this to a certain degree) is MS> that it leads to a much more heterogenous set of software WRT MS> attacks like buffer overflows. 1. Position-relative opcodes used in shellcode 2. Syscalls triggered via a software trap, not subroutine call 3. Dynamic linking involves fixups stored in the binary 4. Activate a syscall, then check the stack to find %eip Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <[email protected]> To: [email protected] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[email protected]>, or you are likely to be blocked.
|