[Dshield] Disassembly...

Bill Schwanitz bilsch at secureinteriors.com
Thu Aug 14 14:03:29 GMT 2003


Chris Ream wrote:

> I sent it to all who requested (I think)... if you didn't get it let me
> know and I'll send it to you.
>
> Chris.
>
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
>
Chris,

I would be more interested in the binaries of the actual exploit. Mostly 
I wanted to watch a system get infected/compromised live for forensic 
purposes but my ISP is already blocking the ports related to the virus.

Is there a way I could get a copy of any binaries associated with this 
virus along with the disassembly? Also, if you have it, a tcpdump 
session of the attack would be most helpful - in fact, thats really all 
I need. I can get the binaries out of that (which is my goal, along with 
tracing the infection/attack process).

Thanks,

-- 
Bill Schwanitz
Security Analyst II
Secure Interiors
614-675-3757




More information about the list mailing list