PC Ekspert Forum


blondie 04.02.2006. 13:56

blaster worm
 
Can you tell me what the Win XP Blaster worm patch is for?

domy_os 04.02.2006. 14:06

In layman's terms: it patches a hole in Windows through which the Blaster worm can slip in and order the computer to shut down as soon as you connect to the net. :D

blondie 04.02.2006. 17:24

And in expert terms......

zippo 04.02.2006. 18:31

Even put in layman's terms like that, it is well said. Anything more isn't worth writing; if you don't have the patch installed, hurry up, because the devil never sleeps....:D

AC Thunder 09.02.2006. 09:15

This is what the Blaster worm does:

Distributed Denial of Service Attack

Once it secures an Internet connection, this worm checks for the current system date. On the following system dates, it launches a thread that performs a Distributed Denial Of Service attack against windowsupdate.com:

* On the 16th to the 31st day of the following months:
  o January
  o February
  o March
  o April
  o May
  o June
  o July
  o August
* Any day in the month of September to December.

When performing the DDoS attack, this worm constructs a specially crafted packet around 40 Bytes in size, and continuously sends it as a SYN packet request to http://www.windowsupdate.com every 20 milliseconds.

The packet does not contain any data except for its TCP/IP header. It is constructed such that this worm can spoof the sender’s IP address.

Also, if this worm fails to resolve the Web site, http://www.windowsupdate.com, it uses 255.255.255.255 as destination address instead for the DDoS attack.

As of this writing, Microsoft had already disabled the redirection of http://www.windowsupdate.com to the real Windows Update site, http://microsoft.windowsupdate.com. This prevents the Windows Update site from being attacked by the worm’s DDoS payload.

Exploiting the RPC DCOM Buffer Overflow

This worm exploits the RPC DCOM BUFFER OVERFLOW, a vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface, to infect remote machines. The vulnerability allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.
(TrendMicro)

In short, Blaster screws with Microsoft update by flooding them with packets 40 Bytes in size from the infected computer while it is connected to the internet. Simply put, if you apply the patch, Blaster won't be able to do that any more, and the computer won't keep disconnecting from the internet.

P.S. You catch Blaster quite by accident while you are on the internet (and don't have the patch installed), because it constantly scans IP addresses at random and checks whether port 135 is unprotected; when it sniffs out an open door, it gets in and the fun begins.
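Added example, not part of the thread: a small detector for the two network behaviours described above (random probing of TCP port 135, and bare 40-byte SYN packets sent to a web server every 20 milliseconds), plus the date rule for the DDoS thread. The flow-record layout, thresholds, function names and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

def ddos_date_active(d: date) -> bool:
    # Date rule from the quoted write-up: 16th-31st in Jan-Aug, any day in Sep-Dec.
    return d.month >= 9 or d.day >= 16

def blaster_indicators(flows, scan_threshold=20, syn_per_second=25):
    # Keyed on source MAC, not source IP: the flood packets carry spoofed IPs.
    probed = defaultdict(set)     # mac -> distinct destinations probed on TCP/135
    bare_syns = defaultdict(int)  # (mac, dst, second) -> count of 40-byte SYNs
    for ts, mac, _src, dst, dport, flags, length in flows:
        if flags != "S":
            continue
        if dport == 135:
            probed[mac].add(dst)
        elif dport == 80 and length == 40:
            # 40 bytes = IP header + TCP header, no options; normal stacks
            # add options (MSS etc.), so their SYNs are larger.
            bare_syns[(mac, dst, int(ts))] += 1
    findings = defaultdict(set)
    for mac, dsts in probed.items():
        if len(dsts) >= scan_threshold:
            findings[mac].add("tcp135-scan")
    for (mac, _dst, _sec), count in bare_syns.items():
        if count >= syn_per_second:
            findings[mac].add("bare-syn-flood")
    return {mac: sorted(tags) for mac, tags in findings.items()}

def constructed_flows():
    # Constructed sample records: (time, src MAC, src IP, dst IP, dst port, flags, IP length)
    infected, clean = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    flows = [(100.0 + i, infected, "10.0.0.5", f"192.0.2.{i + 1}", 135, "S", 48)
             for i in range(30)]
    # One bare SYN every 20 ms, each with a different spoofed source address
    flows += [(200.0 + i * 0.02, infected, f"203.0.113.{i + 1}", "198.51.100.10", 80, "S", 40)
              for i in range(50)]
    # Clean host: ordinary web SYNs with options, one RPC connection to a server
    flows += [(300.0 + i, clean, "10.0.0.9", "198.51.100.10", 80, "S", 52) for i in range(5)]
    flows.append((310.0, clean, "10.0.0.9", "10.0.0.2", 135, "S", 52))
    return flows

if __name__ == "__main__":
    print(blaster_indicators(constructed_flows()))
    print(ddos_date_active(date(2006, 2, 9)))
```

Keying on the MAC address (or switch port) matters only for the flood rule; the port 135 probes need replies, so they come from the host's real address.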


All times are GMT +2.
