Open Source and information security mailing list archives
From: jftucker at gmail.com (James Tucker)
Subject: Viral infection via Serial Cable

Once again this discussion is drifting very far away from the FACTS, let alone relevance:

1. On a BBS you connect through a modem; a modem (typically) uses an AT command set, and you would require another modem to connect to. Data transfer happens as a subset of this command set. These protocols are not available at the computer end unless you have built an application to emulate a modem.

2. On a BBS you would have actively downloaded the file yourself; this is not going to happen anywhere near the RS232 in this case. The virus will come from an EXTERNAL link first, and the question was if it could infect over a new outbound media, RS232.

3. As I and others have clearly stated in previous posts, RS232 can carry DATA, therefore can theoretically transfer a virus.

4. Most viruses in circulation today use TCP/IP or higher level protocols, not native RS232.

5. If a virus could use native RS232 it would require the ability to exploit something on the other end. Windows itself does not respond to incoming serial data, except where it thinks it has detected a mouse (possibly one of the best ways to exploit this unit); this would be an almost impossible to compute exploit, however.

6. TCP/IP can be turned on for use over RS232 ports in Windows; this shows up as "Incoming Connections" in the network connections folder. It is unlikely this has been done, however if it has it should be locked down. This method would require the client computer to also run a TCP/IP stack at the other end; if this has not been set up by the user then we have a further likelihood of no TCP/IP stack attached (in software) to the RS232 port.

7. There are other serial protocols in existence besides TCP/IP, however these are not available by default on an NT box; furthermore most of these protocols have a "wait for accept" implementation.

8. The most feasible form of exploit which could be used against this box in all likelihood would be to not exploit it at all, but just to send (protocol wise) fully legal messages to the unit, instructing it to do something it otherwise would never be intended to do.

If you want to have an "I'm an old fogey" or "mine's bigger than yours" contest please do it off the list. There are always people in the world who will know more than you on a particular topic, and there are always bigger bullies somewhere else in the world. You can't beat them by not joining forces so stop pissing on each other and just start learning please. While this list is unmoderated, and I agree with that, your responses are unnecessary and not even interesting to read.

Oh and for the pissing contest anyway, I'm under 25 and I used to actively use a 1200 baud for BBS access; frankly it seems neither of you understand how viruses worked in those days (despite probably having been there before me). That would be hyperterm style not phpBB style.

One such example would be the hamster virus: http://www.f-secure.com/v-descs/hamster.shtml, a virus not indexed by most anti virus companies anymore. The Firkin virus used to sometimes dial out on modems, typically dialing 911; it would do this by probing all the RS232 ports on the machine and using the AT command set to control a modem - not appropriate here. Personally I never saw or heard of a virus which tries to communicate with another computer attached to an RS232 port (maybe a laplink virus or the like??), as this is an unusual scenario. Even more unusual than that would be a live protocol suitable for data transfer, code execution, and / or general exploitation; the only exception being a known network protocol, which would provide a higher layer for the virus to interact with.

Rant over.