i try to find client for slapper worm but nothing. most of ppl change worm to attack host and put on them they own backdoors, (aside backdoor is nice when admin's kill only one of worm or backdoor (one of them stay online)) but slapper has a nice backdoore functions, the problem is that there are no comments in source so it was hard to create something usefull. i put nontested backdoore to slapper.a (aion) & i have a little problem use them (if you find source of timecontrol backdoore .update.c don't use it) so i have about 20.000 servers whith time-to-time working trojan (2packetstormsecurity: if you need this list i can mail it to you) so i write simple client to worm (only 2 function are supported) there are two file wc*.c ver.04 & ver.07, ver.04 - is interactive, enter command & if you luck you see result (there are still a lot of problems (i don't know how fixed them): audp_recv is blocking, so if server don't answer program is halt if don't use fork()&alarm(). worm answer many times (up to 5-9) i can't find explain in source, so if you enter> cat /etc/passwd you see result 5 times or more.) ver.07-it all in one (by default launch sh on 1052(tcp)/pass aion1981) (interactive shell much beter then use ver.04, you can kill them, at and of session, and run ver.07 when you need it again) (with simple modification you can use other tag's (lika flood,mailscan,etc)) (compile: gcc -o wc wc*.c -lcrypto) usage: wc* ip port (port included becouse most ppl change them in they modification of worm) (use script with ver.07 if you need mass host attack) (use tcpdump udp src port PORT to see did servers answer) NOTE!!!: (there are a very big problem) only first time worm accept connection from one host, e.g. if you run twice ver.07 only first try will success, to connect to worm again you need to wait (maybe much more then hour ???), so once you connect to worm, do all what you need in one session. (but hold enter in ver.04 you can flood them & worm accept you) thanks go to slapper author for a wonderfull work, it realy very nice, but imho author don't have enought time to finish them, or somthing. the worm has a great net engine but with stealths functions his have a very big problem (save to /tmp/.*bug*,list in ps like /tmp/.bugtraq, don't unlink work files, etc) this all can be done in one maybe two hour (but if do this kind of work on them, i think security center's find them much later that they are) so if someone try to write worm, pls ask help from other hackers. aion (ai0n@ukr.net) (my box aion@ukr.net is full)