Sound like anyone we know?


parksie
Jul 2nd, 2001, 02:20 PM
http://grc.com/dos/grcdos.htm

It makes for very interesting reading.

CyberSurfer
Jul 2nd, 2001, 02:43 PM
I must agree with you, it does sound vaguely familiar....but if it's who I think you mean it is, why haven't we had a similar attack?

CiberTHuG
Jul 2nd, 2001, 02:53 PM
GRC's recounting is chilling. I must say I am somewhat upset with how he is handling the attacker, but I am more upset at the attacker. He has an ego problem. He is capable enough to write a real zombie, but he thinks the world sees him as a script kiddie? 'Course, he has the slackass grammar of a wArEz d00d, so what can you expect?

Anyway... it bothers me because I haven't had the time to set up my Linux box, so my fiancée's W2K box is just sitting on our RR connection. RR offers no protection, and I don't care to add anything to that Windows box since I don't want it to be sitting there.

Anyway... my machine is the kind of machine that could very well be a zombie. If only I had more time at home to fix everything, and if Linux didn't require so much time and attention.

parksie
Jul 2nd, 2001, 03:35 PM
Jon - yep, that's who I mean. I didn't say it *was* him, but it's just worrying if other 13-year-olds can do this.

chrisjk
Jul 2nd, 2001, 03:37 PM
okay, stop fannying around the bush (now that's an expression ;) ), who do we think it is?

parksie
Jul 2nd, 2001, 03:55 PM
We don't think it's him...we know who it is - "wicked" or someone.

Anyway, the person in question is Lee Trager :eek:

CiberTHuG
Jul 2nd, 2001, 03:57 PM
Well, the person in question has a past with the FBI. Does Lee?

My favorite line...

Attack-Neutered Mutant Zombies

EternalKnight
Jul 2nd, 2001, 04:21 PM
I read the article a while ago, and if I am correct WicKeD didn't write the zombie, merely used a hex-editor to change the name of it. Not a very complicated task. Just takes a kid with no supervision and the will to know how to do it.

Doing a dDoS attack doesn't take any kind of brains either. I was installing and using linux at that age. Even learned how to send fairly anonymous email and when windows 95 came out, found out how to get into those machines. Never had any melitious intent though. I pitty WicKeD because in 5 years he's not even going to know what hit him.

Never did learn how to spell though.... Priorities I guess, right? ;)

CiberTHuG
Jul 2nd, 2001, 04:29 PM
Yes, Wicked did not write his 'bots. He is, very much so, a script kiddie.

I wish I had the opportunities he has. I wish I had grown up with computers. Wow... the things I could do.

Oh well... I'll play catch up the rest of my life.

CiberTHuG
Jul 2nd, 2001, 04:45 PM
I've been having problems all day pulling down GRC's web pages. Is it just me, or are they swamped with another attack or massive interest?

parksie
Jul 2nd, 2001, 05:02 PM
Most likely massive interest at this stage. I got the MailBot email from him earlier today (about 5 minutes before I posted the link) so it's probably roused many people's curiosities.

chrisjk
Jul 2nd, 2001, 05:05 PM
Originally posted by parksie
Anyway, the person in question is Lee Trager :eek:

Interesting............

............who the f**k is Lee Trager?!?

"why haven't we had a similar attack"

Who's "we"? VBW? What connection does he have with VBW?

parksie
Jul 2nd, 2001, 05:06 PM
...otherwise known as nukem996 (996? 966? 666? :p)

chrisjk
Jul 2nd, 2001, 05:11 PM
Oh right. So his idea of "hacking my arse" would be a DoS would it?!? Good skills. :D

Wouldn't make much difference if he did DoS VBW, it's been a slow old dog recently anyway.

How do we know it's him?

CiberTHuG
Jul 2nd, 2001, 05:15 PM
Well, you could compare Nukem's post to the mail from Wicked. See if they are similar.

Blaster
Jul 2nd, 2001, 07:24 PM
A Quick & Easy Check for IRC Zombie/Bots

If you have managed to read all the way through this lengthy and detailed adventure, I am sure you will agree that you do NOT want any of these nasty Zombies or their relatives running around loose inside your PC. Fortunately, it's quite easy to verify that your system is not currently infected by one of these IRC Zombie/Bots.

All of the IRC Zombie/Bots open and maintain static connections to remote IRC chat servers whenever the host PC is connected to the Internet. Although it is possible for an IRC chat server to be configured to run on a port other than "6667", every instance I have seen has used the IRC default port of "6667".

Consequently, an active connection to an IRC server can be detected with the following command:


netstat -an | find ":6667"

Open an MS-DOS Prompt window and type the command line above, then press the "Enter" key. If a line resembling the one shown below is NOT displayed, your computer does not have an open connection to an IRC server running on the standard IRC port. If, however, you see something like this:

TCP 192.168.1.101:1026 70.13.215.89:6667 ESTABLISHED

. . . then the only question remaining is how quickly you can disconnect your PC from the Internet!

A second and equally useful test can also be performed. Since IRC servers generally require the presence of an "Ident" server on the client machine, IRC clients almost always include a local "Ident server" to keep the remote IRC server happy. Every one of the Zombie/Bots I have examined does this. Therefore, the detection of an Ident server running in your machine would be another good cause for alarm. To quickly check for an Ident server, type the following command at an MS-DOS Prompt:


netstat -an | find ":113 "

As before, a blank line indicates that there is no Ident server running on the default Ident port of "113". (Note the "space" after the 113 and before the closing double-quote.) If, however, you see something like this:

TCP 0.0.0.0:113 0.0.0.0:0 LISTENING

. . . then it's probably time to pull the plug on your cable-modem!



um I just did
netstat -an | find ":6667"

and this is what I got
C:\WINDOWS\Desktop>netstat -an | find ":6667"
TCP 0.0.0.0:6667 0.0.0.0:0 LISTENING
TCP 24.14.93.103:1026 24.14.93.xxx:6667 ESTABLISHED
TCP 24.14.93.103:6667 24.14.93.xxx:1026 ESTABLISHED



I don't have any IRC Clients activated...
should I be scared?

Blaster
Jul 2nd, 2001, 07:28 PM
oh wait that is my ip
I have a UPC monitoring program, I think that's it, never mind then
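
Added example (not part of the original posts or of the GRC article quoted above): a parser for `netstat -an` output that applies the two checks by column instead of by substring, so an outbound connection to remote port 6667 is separated from a local listener on 6667 or a connection whose peer is the same machine. The function names and the sample lines are constructed for illustration; only the first two sample lines use addresses that appear in the thread.

```python
# Added example: classify `netstat -an` TCP rows for the IRC and Ident checks.
IRC_PORT = 6667    # default IRC port named in the quoted article
IDENT_PORT = 113   # default Ident port named in the quoted article

# Constructed sample output in the Windows `netstat -an` column layout.
SAMPLE = """\
  TCP    192.168.1.101:1026     70.13.215.89:6667      ESTABLISHED
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:6667          10.0.0.5:1026          ESTABLISHED
  TCP    10.0.0.5:1026          10.0.0.5:6667          ESTABLISHED
  TCP    192.168.1.101:1130     203.0.113.7:80         ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; return (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def classify(netstat_output):
    """Return (finding, line) tuples for the TCP rows the two checks care about."""
    findings = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        (laddr, lport), (raddr, rport) = map(split_endpoint, fields[1:3])
        state = fields[3].upper()
        if state == "ESTABLISHED" and rport == IRC_PORT:
            # Same address on both ends: the IRC-port peer is this machine itself.
            kind = "irc-same-host" if raddr == laddr else "irc-outbound"
            findings.append((kind, line.strip()))
        elif state == "LISTENING" and lport == IRC_PORT:
            findings.append(("irc-listener", line.strip()))
        elif state == "LISTENING" and lport == IDENT_PORT:
            # Exact port match, so local port 1130 is not mistaken for 113.
            findings.append(("ident-listener", line.strip()))
    return findings

if __name__ == "__main__":
    for kind, line in classify(SAMPLE):
        print(f"{kind:15} {line}")
```

Only the `irc-outbound` and `ident-listener` rows correspond to the two conditions the quoted article treats as cause for alarm; the other labels mark rows that the plain `find ":6667"` match would also print.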

chrisjk
Jul 2nd, 2001, 07:31 PM
well, according to this...

"If, however, you see something like this:

TCP 192.168.1.101:1026 70.13.215.89:6667 ESTABLISHED

then the only question remaining is how quickly you can disconnect your PC from the Internet!"

...yes!

It doesn't display anything on mine and just exits netstat. Hopefully that is because it's got nothing to show...

parksie
Jul 2nd, 2001, 07:32 PM
As I've said before - IT'S NOT NUKEM!

chrisjk
Jul 2nd, 2001, 07:34 PM
Originally posted by parksie
As I've said before - IT'S NOT NUKEM!

:confused: you said it was him?

parksie
Jul 2nd, 2001, 07:36 PM
No I didn't. I said it was a worrying thought about 13-year-olds doing this, and pointed out Nukem as someone who was just *saying* about it, but if others his age are *doing* it.

chrisjk
Jul 2nd, 2001, 07:42 PM
well I said

"Interesting............

............who the f**k is Lee Trager?!?"

then you said

"...otherwise known as nukem996 (996? 966? 666? )"

unless that was a continuation from your last post which was

"so it's probably roused many people's curiosities."

and what was

"As I've said before - IT'S NOT NUKEM!"

directed at anyway? nobody had accused you of saying it was and we were talking about netstat anyway :confused: :confused:

Oh well :D

denniswrenn
Jul 2nd, 2001, 10:06 PM
Who was it that found out nukem's name? I think I remember Simon telling me some months ago... How'd ya do it Simon?

parksie
Jul 3rd, 2001, 06:12 AM
Chris - it was directed at everyone thinking it was nukem because it wasn't, and I had specifically said that.