[Dshield] SQLSlammer & Netsky.E

Benjamin M.A. Robson ben at robson.ph
Thu Mar 18 00:19:31 GMT 2004


Doug,

In this particular case, no I couldn't.

The attack vector for the test is to insert the SQLSlammer worm in to
their environment via an 'upload' function within their web portal.  The
intention being to upload the file to their semi-public area, and to
have it in such a way as to either convince one of their 'authorised'
customers to execute it thus infecting the customer (remember this is a
non-production system so this wasn't going to actually happen) or for an
operator (or a system they use) to execute it and thus inject it in to
their internal systems.

All of this is to be done from outside of their environment with no more
than a username and password granted for the web portal (acting as if I
am a pissed off customer or the like).  As such a commandline style
scanner would not do the job.

Thanks for mentioning the tool however.

BenR



On Thu, 2004-03-18 at 05:39, Doug Goss wrote:
> You could use scanslam
> http://www.robertgraham.com/tools/scanslam/
> Doug Goss
> 
> 
> Benjamin M.A. Robson wrote:
> 
> >I know this is going to be controversial but...
> >
> >The desire for Netsky.E could (and was) served by Eicar.  But I want
> >SQLSlammer as the intention of this test is to actually perform a
> >destructive test with the objective of causing systems to fail.
> >
> #############################################################################
> Notice: 
> This e-mail message is only intended to be read by the named recipient.  It 
> may contain information which is confidential, proprietary or the subject of
> legal privilege.  If you are not the intended recipient please notify the
> sender immediately and delete this e-mail.  You may not use any information
> contained in it.  Legal privilege is not waived because you have read this
> e-mail.  
> 
> For further information on the Beca Group of Companies, visit our web page
> http://www.beca.co.nz
> #############################################################################
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list