Message-ID: <C28F721C09627D43BB66D91D245D4D6D6C8B01@ntm003.apsc.com>
From: Vincent.Maes at aps.com (Vincent.Maes@....com)
Subject: [inbox] malware added in transit

Paul wrote:

> Hi all, perhaps I'm way off-base but I've been under the impression that malware can be added
> to clean transmissions as they pass through infected nodes.  Is this possible?
 
What about modifying/building an application such as dsniff on steroids?
Direct all the gateway traffic through a (dsniff) compromised system,
then watch for the target traffic and perform a disassemble/reassemble
with malware included.  You could fragment the target traffic to insert
larger amounts of malware; and, by looking for the file-type headers,
proceed to target specific content. As others have said, there is
nothing available (in script kiddie format) to do this, yet.  But there
are tools that can perform each of the required functions (WinPcap,
ngrep, libpcap).  You just have to put them together.
 
Here's some more detail:
http://www.packetfactory.net/projects/libnet/2004_RSA/eol-1.0.pdf
 
> Maybe by 2104...
 
Is it that time already? ;)
 
Vince Maes
 
