On Sun, 2002-11-10 at 22:25, [EMAIL PROTECTED] wrote: > In-Reply-To: <[EMAIL PROTECTED]> > > ---snip-- > > >opening all outbound ports is a bad idea. classic example is here.. > > > >director of marketing takes laptop home. > > > >director gets hacked via Trojan downloaded from non corporate mail. > > > >director brings laptop back to work. > > > >using netcat hacker sets up opens backdoor via a allowed port... and > tunnels > >out through a high port to avoid detection. > > > >your firewall team wont see this if the port is open... > > > ---snip--- > > Sorry if this sounds basic but I can't seem to figure out how this example > would work? Please could you elaborate > > Surely the trojan would alerady have to be running on a open port for the > hacker to connect to it in order to run netcat to setup a backdoor? > > Thanks
What it would appear he was suggesting was that for the time the person had that laptop at home the hacker has gained access to it and set up his trojan. (not a problem most of the time since EUNT's have a tendency to pay no attention to security of their home connections). Once the trojans there and the laptops back with in the confines of the firewall at work (with all the internal ports open) all the trojan needs do is send a request for a connection to some remote node and the firewall allows it through.There are even a couple of trojans that are cut down versions of mirc and connect to an irc network. (Having found out from personal experience and the discovery of 4gb of porn on a clients server)
