[lug] using tcpdump to emulate effects of packet dump
D. Stimits
stimits at comcast.net
Thu Jul 17 22:07:49 MDT 2003
jd wrote:
> netsend
>
> or
>
> smbclient -M
>
> this will be sufficient to spam most people....however there is a newer
> style that uses rpc I guess. I would just classify the traffic and then
> only allow it from my ups
>
> here is some fun I had with my roommate...had to edit the text for the
> list though.....

smbclient is using something on I think port 135 or 137 through 139.
This message service has *multiple* ways in, it is not a single API.
Ports 135 and 137:139 are already blocked 100% to and from the outside
world. ZoneAlarm also deals with those ports. What I need is to clone
the tcpdump packet and send it to port 1026 of my local test machine and
see it pop up. Then start developing a tool that will neutralize it from
Windows, and publish the tool for free. In no case has bybyeads.com been
hitting a port below 1024.

I was hoping that a raw packet dump or hex readout of bytes in the UDP
spam packet could be sent out without writing a new tool, but apparently
not. I'll write a Linux-based simple UDP blind sender that only sends
this copy of their bytes on UDP to the test machine (hopefully it will
"do the right thing", it will be harder if a simple clone of the UDP
packet data is only part of reproducing it).
D. Stimits, stimits AT comcast DOT net
>
>
> #!/usr/bin/perl -w
>
> $z = '1';
> while($z){
> open( PIPE, "|/usr/bin/smbclient -M THEBUSCUIT");
> print PIPE "\n";
> $it = <STDIN>;
> print PIPE "SEE THIS TEXT BJ?";
>
> close(PIPE);
> print "IT = $it";
> }
>
>
> hth,
> jd
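
An added example, not part of the original post or of any tool mentioned in it: one way to turn a `tcpdump -x` hex dump of a captured UDP packet into just its payload bytes, ready to be sent once to a test machine you control. The sample dump, the function names and the 192.0.2.10 address are constructed placeholders; the kernel builds fresh IP and UDP headers on send, so only the payload is cloned.

```python
import re
import socket

# Constructed sample in `tcpdump -x` layout: IPv4 + UDP to port 1026, payload b"test".
SAMPLE_DUMP = """\
        0x0000:  4500 0020 0000 4000 4011 0000 c0a8 0001
        0x0010:  c0a8 0002 1234 0402 000c 0000 7465 7374
"""

HEX_GROUP = re.compile(r"(?:[0-9a-fA-F]{2}){1,2}")

def hex_dump_to_bytes(dump):
    """Turn tcpdump -x hex lines into raw bytes; offsets and summary lines are skipped."""
    out = bytearray()
    for line in dump.splitlines():
        groups = re.sub(r"^\s*0x[0-9a-fA-F]+:", "", line).split()
        if groups and all(HEX_GROUP.fullmatch(g) for g in groups):
            out += bytes.fromhex("".join(groups))
    return bytes(out)

def udp_payload(packet):
    """Return (dst_port, payload) from a raw IPv4 packet that carries UDP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if packet[9] != 17:                   # protocol 17 = UDP
        raise ValueError("not UDP")
    if len(packet) < ihl + 8:
        raise ValueError("truncated UDP header")
    dst_port = int.from_bytes(packet[ihl + 2:ihl + 4], "big")
    udp_len = int.from_bytes(packet[ihl + 4:ihl + 6], "big")
    payload = packet[ihl + 8:ihl + udp_len]
    if len(payload) != udp_len - 8:
        # Older tcpdump builds keep only 68 bytes per packet unless -s is raised.
        raise ValueError("capture truncated (raise the snaplen with tcpdump -s)")
    return dst_port, payload

def send_to_lab(payload, host, port=1026):
    """Send the payload once, as a single UDP datagram, to your own test host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))

if __name__ == "__main__":
    port, data = udp_payload(hex_dump_to_bytes(SAMPLE_DUMP))
    print(port, data)
    # send_to_lab(data, "192.0.2.10", port)  # placeholder address of the test machine
```
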