private-sector keystroke logger...
Ben Laurie
ben at algroup.co.uk
Tue Nov 27 18:01:22 EST 2001
pasward at big.uwaterloo.ca wrote:
>
> Jay D. Dyson writes:
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > On Tue, 27 Nov 2001 pasward at big.uwaterloo.ca wrote:
> >
> > > > > Hrm, how about a worm with a built-in HTTP server that installs itself
> > > > > on some non-standard port, say TCP/28462 (to pick one at random)?
> > > >
> > > > Craftier still, backdoor an existing service that behaves normally
> > > > until it receives a few specially-crafted packets, then it opens a high
> > > > port for direct login or data retrieval.
> > >
> > > Neither of these will get past a firewall on an uncompromised machine.
> >
> > While I didn't enumerate the service that could be backdoored, I
> > do believe Eric Murray hit the nail on the canonical head when he
> > mentioned that such a beastie could target the firewall's configuration,
> > forcing it to relax its stance enough to allow the automated intrusion
> > agent plenty of latitude to conduct its business.
>
> I am assuming a firewall on a separate machine, which simply does not
> allow incoming connections to the window's boxes, and constrains the
> outgoing connections. I do not claim that this prevents all covert
> loss of data, but it constrains the options, and certainly does not
> permit the described backdoor to work.
Yeah right - so it sets up an outgoing connection to some webserver to
pass on the info. Firewall that.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list