From silvio Thu Sep 19 18:17:24 2002 Return-Path: Delivered-To: silvio@big.net.au Received: from big.net.au [202.7.194.4] by localhost with POP3 (fetchmail-5.5.0) for silvio@localhost (single-drop); Thu, 19 Sep 2002 18:17:24 -0700 (PDT) Received: (qmail 44828 invoked from network); 20 Sep 2002 00:36:19 -0000 Received: from unknown (HELO netsys.com) (199.201.233.10) by mail.big.net.au with SMTP; 20 Sep 2002 00:36:19 -0000 Received: from NETSYS.COM (localhost [127.0.0.1]) by netsys.com (8.11.6/8.11.6) with ESMTP id g8K0OeK20986; Thu, 19 Sep 2002 20:24:40 -0400 (EDT) Received: from ns2.sea (ns2.sea.interquest.net [66.135.144.2]) by netsys.com (8.11.6/8.11.6) with ESMTP id g8K0NdK20878 for ; Thu, 19 Sep 2002 20:23:39 -0400 (EDT) Received: from big.net.au (ip172.aurora.sfo.interquest.net [66.135.130.172]) by ns2.sea (8.12.5/8.12.5) with ESMTP id g8K0NU5H028695; Thu, 19 Sep 2002 17:23:30 -0700 Received: (from silvio@localhost) by big.net.au (8.11.0/8.11.0) id g8K0Thc05053; Thu, 19 Sep 2002 17:29:43 -0700 From: silvio@big.net.au To: Mikhail Iakovlev Cc: full-disclosure@lists.netsys.com Subject: simple ltrace trick, was Re: [Full-Disclosure] blackfist(posted on request from prophet) Message-ID: <20020919172943.A5002@hamsec.aurora.sfo.interquest.net> References: <200209191514.g8JFEPB93761@mailserver2.hushmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from misha@cerber.no on Thu, Sep 19, 2002 at 10:43:35PM +0200 Sender: full-disclosure-admin@lists.netsys.com Errors-To: full-disclosure-admin@lists.netsys.com X-BeenThere: full-disclosure@lists.netsys.com X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Discussion of security issues List-Post: List-Help: List-Subscribe: , List-Archive: Date: Thu, 19 Sep 2002 17:29:43 -0700 Status: RO Content-Length: 1153 Lines: 36 On Thu, Sep 19, 2002 at 10:43:35PM +0200, Mikhail Iakovlev wrote: > Suggestion to owners of mailing list: > > > Configure your sendmail/qmail/whatever to block gobbles@* as blacklisted. > Lets see how this turkey will fly than. I would love to see this guy > having registered every day new email addy just to post it here, subscribe > etc. > > That's where fun comes:) > 1 line and restart of mail daemon for making him wasting his time, what > more precious can we do?:) > > Shame this list is not on my server, otherwise I would play with this guy > the way he would love:) > > Mik- rememeber there exist multiple gobbles@, and i dont think blacklisting a single name is such a good idea - ever go on irc and see *.au banned etc. Is that annoying do you think? ok.. back to ltrace. a simple way of detecting if a specific call is being traced.. just do something like this --> ((*(unsigned char *)write) == 0xcc) umm.. why did i post 0xc3 before? i think i am on drugs today. -- Silvio _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html