From: raj
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: How Ada could have prevented the Red Code distributed denial of service attack.
References: <3B6555ED.9B0B0420@sneakemail.com> <87n15lxzzv.fsf@deneb.enyo.de> <3B672322.B5EA1B66@home.com>
Date: Wed, 01 Aug 2001 03:27:50 GMT
Organization: @Home Network

Red Code uses a combination of:

1. Buffer overflow
   See: .ida "Code Red" Worm
   http://www.eeye.com/html/Research/Advisories/AL20010717.html
   for a recent, readable account see:
   Win32 Buffer Overflows (Location, Exploitation and Prevention)
   dark spyrit AKA Barnaby Jack
   http://www.phrack.org/show.php?p=55&a=15

2. Disseminated metastasis
   see: Distributed Metastasis: A Computer Network Penetration Methodology
   by Andrew J. Stewart
   http://www.packetfactory.net/papers/Distributed_Metastatis/distributed_metastasis.doc
   or Phrack 55 http://www.phrack.org/show.php?p=55&a=16

The buffer overflow occurs because of an old and well known bug in the C libraries. Using Ada or another modern language like Ocaml or Mozart could have prevented this, thus stopping the worm before it infected the very first IIS server.
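
Added example, not part of the original post and not IIS or worm code: the post argues that a bounds-checked language would have stopped the overflow. This C sketch makes explicit the per-store index check that Ada performs implicitly on array assignment (raising Constraint_Error), here applied to a decoder that expands %XX and %uXXXX URL escapes into a fixed-size buffer. The function names, return codes and the escape syntax handled are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical return codes for this example. */
enum { DECODE_OK = 0, DECODE_RANGE = -1, DECODE_SYNTAX = -2 };

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;                      /* also covers the terminating NUL */
}

/* A store with the index check that an Ada array assignment carries
   implicitly. Ada would raise Constraint_Error; C must test by hand. */
static int checked_put(uint16_t *dst, size_t cap, size_t i, uint16_t v) {
    if (i >= cap) return DECODE_RANGE;
    dst[i] = v;
    return DECODE_OK;
}

/* Decode src into dst, which holds at most cap 16-bit units.
   Input length is never trusted; every store goes through checked_put. */
int decode_query(const char *src, uint16_t *dst, size_t cap, size_t *out_len) {
    size_t n = 0;
    while (*src) {
        uint16_t v;
        if (src[0] == '%' && (src[1] == 'u' || src[1] == 'U')) {
            int h[4];
            for (int k = 0; k < 4; k++)     /* stops at the first bad digit */
                if ((h[k] = hexval(src[2 + k])) < 0) return DECODE_SYNTAX;
            v = (uint16_t)((h[0] << 12) | (h[1] << 8) | (h[2] << 4) | h[3]);
            src += 6;
        } else if (src[0] == '%') {
            int hi = hexval(src[1]);
            int lo = hi < 0 ? -1 : hexval(src[2]);
            if (hi < 0 || lo < 0) return DECODE_SYNTAX;
            v = (uint16_t)((hi << 4) | lo);
            src += 3;
        } else {
            v = (unsigned char)*src++;
        }
        if (checked_put(dst, cap, n, v) != DECODE_OK) return DECODE_RANGE;
        n++;
    }
    *out_len = n;
    return DECODE_OK;
}
```

An oversize request is rejected with DECODE_RANGE before any write past the end of the buffer, which is the failure mode the post says a checked language turns into an exception.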