Eggheads: RE: Strange questions from a N00B

Jeeves Moss jeeves.moss at gmail.com
Mon Aug 28 15:36:45 CDT 2006 

Wow, it looks like I really stirred the pot with this one.  Yes, you guys
are right, it COULD be used as a malicious piece of software, but it's too
big.  As for those who would be reading it, it's more than likely only going
to be the prof and the associated IT guys who will have to do the network
observation.  It wasn't my intent to use this software to cause harm, but
I'm defiantly seeing that a few people are taking it as such.  If you guys
have a better idea (other than eggdrop), I'm open to suggestions.  The paper
is about network security, and how little the average user knows.  Now
couple this with how easy it would be for a low bandwidth user to exploit
this, and you've got my paper.  I look forward to hearing any further ideas.

-Jeeves



-----Original Message-----
From: eggheads-bounces at eggheads.org [mailto:eggheads-bounces at eggheads.org]
On Behalf Of Derek Kulinski
Sent: August 28, 2006 1:08 PM
To: Eggdrop Discussion List
Subject: Re: Eggheads: RE: Strange questions from a N00B

Hello Will,

Monday, August 28, 2006, 10:18:11 AM, you wrote:

> I think he's using Eggdrop to control the SDBot kind of stuff, not for the
> actual attacking. But, yes, this kind of stuff does hurt Eggdrop. The only
> reason that I did not say all of this myself earlier is because it is an
> academic thing, and I don't think any harm is meant.

As far as I know SDBot is fine by itself it doesn't need to be
controlled by an Eggdrop. It can connect to IRC by itself.

As for academic thing... He might know that Eggdrop is not abuse tool,
since we wrote that. But what about other people that will read his
paper?

> If you are going to use Eggdrop for this, please do the community a favor
by
> not releasing your scripts. Derek is right though; there are probably much
> much better suited tools for this purpose. Using a tool specifically
designed
> for DDoS / etc. would probably bring a lot more academic value to your
paper
> anyway, as it would show how the flooders are really doing things.

As I think of it. Actually it's really hard to use Eggdrop as a
malicious tool with intent to infect windows computer.

The reasons are as folows:
- it's quite big
- requires cygwin1.dll to run
- requires tcl library
- in default windrop distribution it all modules comes as .dll
  libraries (although you can compile it yourself and merge tcl and
  modules into one binary file, you still will need separate
  cygwin1.dll)
- last time I used windrop, it was leaving DOS window open while it's
  run (I belive that was because fork() most likely doesn't work on
  windows, so it cannot go into a background without rewriting code
  responsible for that.)

So as you can see, it's not really convenient for that use on Windows
computers.

Perhaps Jeeves meant this:
http://vil.nai.com/vil/content/v_100354.htm

But this program has nothing common with our Eggdrop except it's name.

-- 
Best regards,
 Derek                            mailto:takeda at takeda.tk
CCNA, SCSA, SCNA, LPIC, MCP certified
http://www.takeda.tk

A seminar on Time Travel will be held two weeks ago.

More information about the Eggheads mailing list