private-sector keystroke logger...
Jay D. Dyson
jdyson at treachery.net
Tue Nov 27 17:16:36 EST 2001
On Tue, 27 Nov 2001 pasward at big.uwaterloo.ca wrote:
> > > Hrm, how about a worm with a built-in HTTP server that installs itself
> > > on some non-standard port, say TCP/28462 (to pick one at random)?
> >
> > Craftier still, backdoor an existing service that behaves normally
> > until it receives a few specially-crafted packets, then it opens a high
> > port for direct login or data retrieval.
>
> Neither of these will get past a firewall on an uncompromised machine.
While I didn't enumerate the service that could be backdoored, I
do believe Eric Murray hit the nail on the canonical head when he
mentioned that such a beastie could target the firewall's configuration,
forcing it to relax its stance enough to allow the automated intrusion
agent plenty of latitude to conduct its business.
Shoot, when you get down to it, one could just as easily backdoor
the firewall itself. I've had lots of Windows users report "vector
errors" (typically occuring during initialization) that knock down
ZoneAlarm[1]. None of them seemed alarmed about it...and I usually heard
about it *days* after it happened.
-Jay
1. Though I'm an admitted UNIX goon, I insist all Windows users on
my networks use it. :) Even with the occasional error, I still
think it's one of the beter Win-based personal firewalls.
( ( _______
)) )) .-"There's always time for a good cup of coffee"-. >====<--.
C|~~|C|~~| (>----- Jay D. Dyson -- jdyson at treachery.net -----<) | = |-'
`--' `--' `---------- Si vis pacem, para bellum. ----------' `------'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list