[EMAIL PROTECTED] wrote: > > Jay D. Dyson writes: > > -----BEGIN PGP SIGNED MESSAGE----- > > > > On Tue, 27 Nov 2001 [EMAIL PROTECTED] wrote: > > > > > > > Hrm, how about a worm with a built-in HTTP server that installs itself > > > > > on some non-standard port, say TCP/28462 (to pick one at random)? > > > > > > > > Craftier still, backdoor an existing service that behaves normally > > > > until it receives a few specially-crafted packets, then it opens a high > > > > port for direct login or data retrieval. > > > > > > Neither of these will get past a firewall on an uncompromised machine. > > > > While I didn't enumerate the service that could be backdoored, I > > do believe Eric Murray hit the nail on the canonical head when he > > mentioned that such a beastie could target the firewall's configuration, > > forcing it to relax its stance enough to allow the automated intrusion > > agent plenty of latitude to conduct its business. > > I am assuming a firewall on a separate machine, which simply does not > allow incoming connections to the window's boxes, and constrains the > outgoing connections. I do not claim that this prevents all covert > loss of data, but it constrains the options, and certainly does not > permit the described backdoor to work.
Yeah right - so it sets up an outgoing connection to some webserver to pass on the info. Firewall that. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
