private-sector keystroke logger...
Jay D. Dyson
jdyson at treachery.net
Tue Nov 27 15:55:11 EST 2001
On 27 Nov 2001, Derek Atkins wrote:
> Hrm, how about a worm with a built-in HTTP server that installs itself
> on some non-standard port, say TCP/28462 (to pick one at random)?
Craftier still, backdoor an existing service that behaves normally
until it receives a few specially-crafted packets, then it opens a high
port for direct login or data retrieval.
One could also arrange to backdoor certain services so they would
simply spew collected information via UDP at prearranged intervals, all
the while behaving normally in every other fashion. This would solve the
problem of connecting to unauthorized ports through a firewall. Why go to
them when you can arrange for them to come to you? ;)
When you get down to it, one of the most difficult problems to
resolve is seemingly random, intermittent failure. The same should hold
true for pseudorandom intermittent backdoor behavior.
-Jay (must...have...more...coffee...)
( ( _______
)) )) .-"There's always time for a good cup of coffee"-. >====<--.
C|~~|C|~~| (>----- Jay D. Dyson -- jdyson at treachery.net -----<) | = |-'
`--' `--' `---------- Si vis pacem, para bellum. ----------' `------'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list