lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4345334F.1030600@tux.appstate.edu>
Date: Thu Oct  6 15:35:50 2005
From: kevin at tux.appstate.edu (Kevin Wilcox)
Subject: Interesting idea for a covert channel or I
	just	didn't research enough?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Holstein wrote:
>> attacker sends packets -> packets are dropped by firewall -> packets
>> properties are captured in logs  -> backdoor reads logs and finds
>> encoded commands -> commands are executed
> 
> 
> As a covert channel? .. no, it's a waste. Once you have the access to
> set that up, you could establish any number of more efficient schemes.
> 
> As a way to do a "remote wake-up" though .. it might have some promise
> .. but it still depends on too many other variables.

SAdoor uses this general idea.

device in promiscuous mode sits and listens, iptables can have all ports
filtered and no services running on the machine, a particular sequence
of events happens, a command gets executed.

http://cmn.listprojects.darklab.org/

kw
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFDRTNN7XWNuvsOTiYRAqr5AKDQmgqdbBHSJrc2fuOzwx4SjekKlQCg3gFR
JYDJjZo37FNF1XNjaejqamc=
=8SzG
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ