#Bugtraq@AbleNET

 :.glFlow-0.0.2 release - traffic monitoring tool  

glFlow is a traffic analysis tool mainly intended for high-speed links. It detects DoS incidents by performing real-time NetFlow traffic aggregation and analysis. It was written on FreeBSD and tested on both FreeBSD and Linux. It should work on any OS to which libpcap and OpenSSL were ported. The rest of the code is perfectly portable.

Cisco Systems have defined the 'flow' as a four-value tuple: {srcaddr, srcport, dstaddr, dstport}. The format evolved over time. The complete structures for various NetFlow versions are available on Cisco's site.

Now, let's assume that the attacker floods the victim with packets that keep the same characteristics throughout the duration of the attack. No source spoof, no source port increments or randomizations. That would lead to a very large packet rate inside that flow. glFlow calculates the average packet rate in every flow and raises an alarm signal if the threshold is hit.

What about spoofed attacks? How are they detected? Simple. glFlow keeps a history for every destination host that it sees. When a new flow is created, the flow counter for that host is incremented. The average number of newly created flows corresponding to a specific host in a specific amount of time is calculated, and, as above, an alarm is raised if the threshold is hit.

---------------- #Bugtraq @ AbleNET / silver@madrid.com ----------------
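
The two checks described in the glFlow announcement above, sketched as an added example; this is not glFlow's own code. The thresholds, the 5-second window, the record layout and the names `FlowMonitor` and `detect` are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Thresholds and window are assumptions for this example, not glFlow defaults.
PPS_THRESHOLD = 10_000     # average packets/second inside a single flow
NEW_FLOW_THRESHOLD = 100   # average new flows/second toward one destination
WINDOW = 5.0               # seconds of per-destination history


class FlowMonitor:
    def __init__(self):
        self.flows = {}                     # flow key -> [first_seen, packets]
        self.created = defaultdict(deque)   # dst -> creation times of recent flows

    def update(self, ts, src, sport, dst, dport, packets):
        """Feed one flow record and return the alarms it raises."""
        alarms = []
        key = (src, sport, dst, dport)
        if key not in self.flows:
            self.flows[key] = [ts, 0]
            # New flow: extend the destination's history and expire old entries.
            times = self.created[dst]
            times.append(ts)
            while times[0] <= ts - WINDOW:
                times.popleft()
            if len(times) / WINDOW > NEW_FLOW_THRESHOLD:
                alarms.append(("new-flow-rate", dst))
        flow = self.flows[key]
        flow[1] += packets
        # Average over at least one second so a flow's first record cannot divide by zero.
        if flow[1] / max(ts - flow[0], 1.0) > PPS_THRESHOLD:
            alarms.append(("flow-pps", key))
        return alarms


def detect(records):
    """Run records (sorted by time) through a fresh monitor; return distinct alarms."""
    monitor, seen = FlowMonitor(), set()
    for rec in records:
        seen.update(monitor.update(*rec))
    return seen


# Constructed sample records: (ts, src, sport, dst, dport, packets).
VICTIM = "192.0.2.10"
NORMAL = sorted((t + c * 0.1, f"10.1.0.{c}", 40000 + c, VICTIM, 80, 20)
                for c in range(1, 21) for t in range(5))
FIXED_FLOOD = [(float(t), "10.9.9.9", 1234, VICTIM, 80, 50_000) for t in range(10)]
SPOOFED_FLOOD = [(i / 1000, f"10.0.{i >> 8}.{i & 255}", 1024, VICTIM, 80, 1)
                 for i in range(2000)]
```

Each spoofed flow carries a single packet, so it stays far below the per-flow rate check and is caught only by the per-destination count of newly created flows.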

 :.glFlow-0.0.3 release

glFlow-0.0.3 - bugfixes from the previous release.

---------------- #Bugtraq @ AbleNET / h4x0r@madrid.com ----------------

 :.OllyDbg format string exploit

ollytrap - will execute, stealthy or not, the defined 'evilcmd'. Offsets are based upon DBGHELP.DLL (often shipped with, but not always). Tested and working with 1.09d & 1.10-final on XP SP0, SP1 & W2k SP4; you might need to change the padding (see code) for other versions.

---------------- #Bugtraq @ AbleNET / kernel@lawyer.com ----------------

 :.Local exploit for AIM 5.5.3595

aimme - exploits locally if an argument is supplied, otherwise prints the URL. Offsets are based on the exe/dll provided in the package, so it should be NT universal. Shellcode makes a bindshell on port 1180.

---------------- #Bugtraq @ AbleNET / kernel@lawyer.com ----------------

 

 

- 2005 - Powered by Linux @ AbleNET , Security @ AbleNET , Bugtraq @ AbleNET and Debian @ AbleNET