Dildog

From Wikipedia, the free encyclopedia

Dildog is also the original name of Dogbert

DilDog is the handle that Christien Rioux[1] used while at MIT and at L0pht Heavy Industries in the 1990s.[2] Rioux is now the co-founder and chief scientist of Veracode. He is the main patent holder for Veracode, based in Burlington, Mass.[3] Rioux' worked at L0pht Heavy Industries and then at the company @Stake (later bought by Symantec). While at @stake he looked for security weaknesses in software and led the development of Smart Risk Analyzer (SRA). [4] He co-authored the best-selling Windows password auditing tool @stake LC (L0phtCrack) and the AntiSniff network intrusion detection system. [5]

He is also a member of Cult of the Dead Cow[6] and its Ninja Strike Force. Formerly, he was a member of L0pht[7][8] and subsequent employee of @stake and Symantec, where he was responsible for many security advisories [9][10]

DilDog is best known as the author of the original code for Back Orifice 2000[6][11][12], an open source remote administration tool. He is also well known as the author of "The Tao of Windows Buffer Overflow."[13][14]

Contents

[edit] Projects

[edit] Back Orifice 2000

Main article: Back Orifice 2000

Back Orifice 2000 (often shortened to BO2k) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a pun on Microsoft BackOffice Server software.

According to Dildog, the software's main author, the freeware lets a remote user with the Back Orifice 2000 client secretly control any Windows desktop or server on which the Back Orifice 2000 server component has been installed.[6]

[edit] BUTTSniffer

BUTTSniffer is a packet sniffer and network monitor for Win95, Win98 and also Windows NT 4.0. It works as a standalone executable, and as plugin for Back Orifice.[15]

It features the following:

  • TCP Connection monitoring. Full and split screen. Text and Hexadecimal views.
  • Password sniffing. Full phrasecatcher built in. Currently supports HTTP basic authentication, FTP, Telnet, POP2 and POP3. Support pending for IMAP2, RLogin, and possibly other protocols
  • Packet filtering. Firewall style filtering lists. Exclude/include ranges of IP addresses and ports.
  • Multiple interface support. Can be started on any of the system's network interfaces. Multiple instances of BUTTSniffer can be run at the same time.
  • Interactive mode. Spawns a port that you can telnet to, and displays an easy to use vt100 menu based user interface for remote sniffer access.
  • War mode. War mode features include connection resetting.
  • Win95, Win98, and Windows NT operating system support.

[edit] References

  1. ^ L0pht in Transition, April, 2007. Retrieved May 3, 2007.
  2. ^ L0pht in TransitionApril, 2007. Retrieved May 3, 2007.
  3. ^ [1], April 22, 2007. Retrieved May 11, 2007
  4. ^ [2], May, 2004. Retrieved May 24, 2007
  5. ^ [3], December 21, 2006. Retrieved May 24, 2007
  6. ^ a b c Messmer, Ellen, "Bad Rap for Back Orifice 2000?," CNN Online, July 21, 1999. Retrieved April 17, 2007.
  7. ^ Bauer, Mick, "Q&A with Chris Wysopal (Weld Pond)," Linux Journal, September 1, 2002. Retrieved April 17, 2007.
  8. ^ Security Scene Errata
  9. ^ Dildog, "L0pht Security Advisory: Microsoft Windows NT 4.0," February 18, 1999. Retrieved April 19, 2007.
  10. ^ Dildog, "L0pht Security Advisory: LPD, RH 4.x,5.x,6.x," January 8, 2000. Retrieved April 19, 2007.
  11. ^ Messmer, Ellen, "Hacker group Cult of the Dead Cow tries to convince world its Back Orifice tool is legit," Network World, July 14, 1999. Retrieved April 17, 2007.
  12. ^ cDc communications. "Back Orifice 2000 Press Release." CULT OF THE DEAD COW Press Release, July 10, 1999. Retrieved April 17, 2007.
  13. ^ Dildog, "The Tao of Windows Buffer Overflow," CULT OF THE DEAD COW issue #351, May 1, 1998. Retrieved April 17, 2007.
  14. ^ Park, Yong-Joon and Gyungho Lee, "Repairing return address stack for buffer overflow protection," Proceedings of the 1st conference on Computing frontiers, ACM, 2004. Retrieved April 17, 2007.
  15. ^ Packet Storm