[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Interesting idea for a covert channel or I just didn't research enough?
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Interesting idea for a covert channel or I just didn't research enough?
- From: Kevin Wilcox <kevin@xxxxxxxxxxxxxxxx>
- Date: Thu, 06 Oct 2005 10:23:11 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Holstein wrote:
>> attacker sends packets -> packets are dropped by firewall -> packets
>> properties are captured in logs -> backdoor reads logs and finds
>> encoded commands -> commands are executed
>
>
> As a covert channel? .. no, it's a waste. Once you have the access to
> set that up, you could establish any number of more efficient schemes.
>
> As a way to do a "remote wake-up" though .. it might have some promise
> .. but it still depends on too many other variables.
SAdoor uses this general idea.
device in promiscuous mode sits and listens, iptables can have all ports
filtered and no services running on the machine, a particular sequence
of events happens, a command gets executed.
http://cmn.listprojects.darklab.org/
kw
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFDRTNN7XWNuvsOTiYRAqr5AKDQmgqdbBHSJrc2fuOzwx4SjekKlQCg3gFR
JYDJjZo37FNF1XNjaejqamc=
=8SzG
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/