Jay D. Dyson writes:

> On Tue, 27 Nov 2001 [EMAIL PROTECTED] wrote:
>
> > > > Hrm, how about a worm with a built-in HTTP server that installs itself
> > > > on some non-standard port, say TCP/28462 (to pick one at random)?
> > >
> > > Craftier still, backdoor an existing service that behaves normally
> > > until it receives a few specially-crafted packets, then it opens a high
> > > port for direct login or data retrieval.
> >
> > Neither of these will get past a firewall on an uncompromised machine.
>
> While I didn't enumerate the service that could be backdoored, I
> do believe Eric Murray hit the nail on the canonical head when he
> mentioned that such a beastie could target the firewall's configuration,
> forcing it to relax its stance enough to allow the automated intrusion
> agent plenty of latitude to conduct its business.
I am assuming a firewall on a separate machine, which simply does not allow incoming connections to the Windows boxes, and constrains the outgoing connections. I do not claim that this prevents all covert loss of data, but it constrains the options, and certainly does not permit the described backdoor to work.

Better still would be a firewall design that monitored user behaviour, so that deviation from that behaviour could be detected. Again, not that this is perfect, but it further constrains the options of getting the data out.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
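The stance described in the reply above (a separate firewall that denies all inbound connections to the internal hosts, permits only a short list of outbound services, and flags outbound traffic that deviates from a per-host baseline), written out as an added illustration that is not part of the thread. The internal prefix, the permitted egress ports and every flow record are constructed; only the backdoor port TCP/28462 comes from the discussion.

```python
from collections import defaultdict
from dataclasses import dataclass

INTERNAL_NET = "10.0.0."                    # constructed internal address prefix
ALLOWED_OUTBOUND_PORTS = {25, 53, 80, 443}  # constructed egress policy


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def policy_decision(flow):
    """'deny' for any inbound connection and for outbound to a non-permitted port."""
    inbound = flow.dst.startswith(INTERNAL_NET) and not flow.src.startswith(INTERNAL_NET)
    if inbound:
        return "deny"   # the worm's listener on TCP/28462 is simply unreachable
    if flow.dport not in ALLOWED_OUTBOUND_PORTS:
        return "deny"   # a high-port callback never leaves the network
    return "allow"


def build_baseline(history):
    """Per-host set of (dst, dport) pairs observed during a learning period."""
    base = defaultdict(set)
    for f in history:
        if policy_decision(f) == "allow":
            base[f.src].add((f.dst, f.dport))
    return base


def deviations(baseline, flows):
    """Permitted flows whose (dst, dport) pair this host has never used before."""
    return [f for f in flows
            if policy_decision(f) == "allow"
            and (f.dst, f.dport) not in baseline.get(f.src, set())]


# Constructed sample data: a learning period, then live traffic to evaluate.
HISTORY = [Flow("10.0.0.5", "192.0.2.10", 443), Flow("10.0.0.5", "192.0.2.53", 53)]
LIVE = [Flow("198.51.100.7", "10.0.0.5", 28462),  # inbound to the backdoor port
        Flow("10.0.0.5", "198.51.100.7", 4444),    # outbound to a non-permitted port
        Flow("10.0.0.5", "203.0.113.9", 443),      # permitted port, never-seen destination
        Flow("10.0.0.5", "192.0.2.10", 443)]       # matches the baseline


def analyse(history=HISTORY, live=LIVE):
    """Return the flows the policy denies and the allowed flows that deviate from baseline."""
    base = build_baseline(history)
    return {"denied": [f for f in live if policy_decision(f) == "deny"],
            "deviations": deviations(base, live)}
```

The first two live flows are stopped by policy alone; the third passes policy and is surfaced only by the behavioural baseline, which is the extra constraint the reply argues for.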
