[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4345334F.1030600@tux.appstate.edu>
Date: Thu Oct 6 15:35:50 2005
From: kevin at tux.appstate.edu (Kevin Wilcox)
Subject: Interesting idea for a covert channel or I
just didn't research enough?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Holstein wrote:
>> attacker sends packets -> packets are dropped by firewall -> packets
>> properties are captured in logs -> backdoor reads logs and finds
>> encoded commands -> commands are executed
>
>
> As a covert channel? .. no, it's a waste. Once you have the access to
> set that up, you could establish any number of more efficient schemes.
>
> As a way to do a "remote wake-up" though .. it might have some promise
> .. but it still depends on too many other variables.
SAdoor uses this general idea.
device in promiscuous mode sits and listens, iptables can have all ports
filtered and no services running on the machine, a particular sequence
of events happens, a command gets executed.
http://cmn.listprojects.darklab.org/
kw
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFDRTNN7XWNuvsOTiYRAqr5AKDQmgqdbBHSJrc2fuOzwx4SjekKlQCg3gFR
JYDJjZo37FNF1XNjaejqamc=
=8SzG
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists