Revision as of 01:23, 6 August 2004 by Timwi (minor edit; summary: bold) | Latest revision as of 19:59, 19 July 2009 by Brandon (summary: properly...)
(19 intermediate revisions by 15 users not shown)
#REDIRECT ]
'''Doze4''' is an ] ], often left behind by ] after a successful ]. Once deployed, it seems to connect to ], waiting for commands from its owner. A typical use is for ], sending the string "0123456789" over and over again to remote hosts; the program seems to have few other uses.
The source code for Doze4 does not seem to be readily available (only a ] ] binary is known); however, the program is small and does not appear to be encrypted, so disassembling it should be fairly easy given enough time and interest. The commands and help appear to be written in ], containing brief online help; the strings within the binary seem to claim Doze4 was written by a person with the alias "phyton".
Doze4 seems to be a generic "off-the-shelf" tool (which is probably why it has become popular among script kiddies), in that it does not require any recompilation or tweaking to work; once deployed, it can be customized via command-line parameters to attack any host on any given port, also with a claim of ]; however, it is not generally known what this spoofing means in practice, let alone whether it works at all.
System administrators encountering doze4 running on their own systems should use ] to find out who the program is attacking (if anyone), do any required tracking work to identify the hole the attacker used and then kill off all doze4 processes as soon as possible.
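A network-side check for the flood payload described above, as an added example that is not part of the original article: it flags flows whose payloads consist of the string "0123456789" repeated back to back. The record layout (source, destination, port, payload), the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

PATTERN = b"0123456789"  # string the article says Doze4 sends repeatedly


def is_digit_flood(payload: bytes, min_repeats: int = 3) -> bool:
    """True if payload is PATTERN repeated back to back.

    A packet or read boundary can fall mid-pattern, so every rotation of
    the pattern is accepted as a starting point.
    """
    if len(payload) < len(PATTERN) * min_repeats:
        return False
    for shift in range(len(PATTERN)):
        rotated = PATTERN[shift:] + PATTERN[:shift]
        repeats = len(payload) // len(rotated) + 1
        if (rotated * repeats)[: len(payload)] == payload:
            return True
    return False


def flood_flows(records, min_packets: int = 3):
    """Count matching payloads per (src, dst, dport); keep the busy flows."""
    hits = Counter(
        (src, dst, dport)
        for src, dst, dport, payload in records
        if is_digit_flood(payload)
    )
    return {flow: n for flow, n in hits.items() if n >= min_packets}


# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE = (
    [("192.0.2.10", "198.51.100.7", 80, PATTERN * 100)] * 4
    + [("192.0.2.10", "198.51.100.7", 80, b"456789" + PATTERN * 50)]
    + [("192.0.2.22", "203.0.113.5", 80, b"GET / HTTP/1.1\r\n\r\n")] * 5
    + [("192.0.2.22", "203.0.113.5", 25, PATTERN * 2)]
)

if __name__ == "__main__":
    for (src, dst, dport), n in flood_flows(SAMPLE).items():
        print(f"{src} -> {dst}:{dport}  {n} flood-pattern payloads")
```

The rotation check matters because a capture can begin partway through the repeated string; the length floor keeps short numeric payloads from being flagged.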
Latest revision as of 19:59, 19 July 2009
Redirect to: