The "phone home" examples I was aware of do things like email a
"system successfully compromised" message to Korea or somewhere, but
that email message doesn't offer a control channel.

By "really good", I'm picturing something that opens the control
channel from the compromised end back to the attacker, negating such
measures as NAT. IRC neatly solves the main logistic problem I can
see with doing that... ouch.

David Gillett

On 25 May 2001, at 15:11, Paul D. Robertson wrote:
> On Thu, 24 May 2001 [EMAIL PROTECTED] wrote:
>
> > 1. Phone-home trojans. If nobody has built a really good one yet,
> > the existence of admins who think outbound==safe constitutes a motive
> > for someone to do it.
>
> I've heard that Compaq has built a pretty good one, where a support Rep. can
> take a look to see if the problem is what you think it is when you visit
> their Web site with the option enabled. Several of the malicious trojans
> do IRC outbound for an open control mechanism on a channel. Dunno what your
> measure of "really good" is, but they all fall under "good enough to allow
> actual damage" as far as I'm concerned.
>
> Other than that, great list.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
> PSB#9280