private-sector keystroke logger...
pasward at big.uwaterloo.ca
pasward at big.uwaterloo.ca
Tue Nov 27 17:19:46 EST 2001
Jay D. Dyson writes:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Tue, 27 Nov 2001 pasward at big.uwaterloo.ca wrote:
>
> > > > Hrm, how about a worm with a built-in HTTP server that installs itself
> > > > on some non-standard port, say TCP/28462 (to pick one at random)?
> > >
> > > Craftier still, backdoor an existing service that behaves normally
> > > until it receives a few specially-crafted packets, then it opens a high
> > > port for direct login or data retrieval.
> >
> > Neither of these will get past a firewall on an uncompromised machine.
>
> While I didn't enumerate the service that could be backdoored, I
> do believe Eric Murray hit the nail on the canonical head when he
> mentioned that such a beastie could target the firewall's configuration,
> forcing it to relax its stance enough to allow the automated intrusion
> agent plenty of latitude to conduct its business.
I am assuming a firewall on a separate machine, which simply does not
allow incoming connections to the window's boxes, and constrains the
outgoing connections. I do not claim that this prevents all covert
loss of data, but it constrains the options, and certainly does not
permit the described backdoor to work.
Better still would be a firewall design that monitored user bahaviour,
and so deviation from that behaviour could be detected. Again, not
that this is perfect, but it further constrains the options of getting
the data out.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list