Re: Open All Outbound Ports?
From: James Butcher <bigjtb () blueyonder co uk>
Date: 12 Nov 2002 06:33:09 +0000
On Sun, 2002-11-10 at 22:25, m2dzus () yahoo com wrote:
In-Reply-To: <FDEHJDIOOBLHLBCAOEJFMELFEOAB.billl () cyberbase7 com>
Opening all outbound ports is a bad idea. Classic example is here..
Director of marketing takes laptop home.
Director gets hacked via Trojan downloaded from non-corporate mail.
Director brings laptop back to work.
Using netcat, hacker opens a backdoor via an allowed port... and
out through a high port to avoid detection.
Your firewall team won't see this if the port is open...

Sorry if this sounds basic but I can't seem to figure out how this example
would work. Please could you elaborate?
Surely the trojan would already have to be running on an open port for the
hacker to connect to it in order to run netcat to set up a backdoor?

What it would appear he was suggesting was that for the time the person
had that laptop at home the hacker has gained access to it and set up
his trojan (not a problem most of the time since EUNT's have a tendency
to pay no attention to security of their home connections).
Once the trojan's there and the laptop's back within the confines of the
firewall at work (with all the internal ports open) all the trojan needs
do is send a request for a connection to some remote node and the
firewall allows it through. There are even a couple of trojans that are
cut-down versions of mIRC and connect to an IRC network. (Having found
out from personal experience and the discovery of 4GB of porn on a
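
An added illustration of the scenario discussed in this thread (not code from any poster): a default-deny egress policy evaluated over flow records, showing which outbound connections an "allow all outbound" firewall would pass without comment. The addresses, the record format and the choice of proxy, mail relay and DNS resolver as the only permitted outbound sources are assumptions constructed for the example.

```python
import ipaddress
from collections import Counter

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # constructed internal range

# Default-deny egress policy: (source network, protocol, destination port).
# Only designated servers may talk to the Internet; workstations must go
# through them. All addresses here are constructed for the example.
EGRESS_ALLOW = [
    (ipaddress.ip_network("10.0.1.10/32"), "tcp", 80),   # web proxy
    (ipaddress.ip_network("10.0.1.10/32"), "tcp", 443),
    (ipaddress.ip_network("10.0.1.25/32"), "tcp", 25),   # mail relay
    (ipaddress.ip_network("10.0.1.53/32"), "udp", 53),   # DNS resolver
]

# Constructed flow records: "src dst proto dport"
SAMPLE_FLOWS = """\
10.0.1.10 198.51.100.7 tcp 443
10.0.1.25 203.0.113.9 tcp 25
10.0.5.77 203.0.113.50 tcp 6667
10.0.5.77 203.0.113.50 tcp 31337
10.0.5.77 198.51.100.7 tcp 80
10.0.5.77 10.0.1.10 tcp 3128
10.0.1.53 192.0.2.53 udp 53
"""

def parse_flow(line):
    src, dst, proto, dport = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport)

def egress_allowed(src, dst, proto, dport):
    if dst in INTERNAL:          # not egress; internal policy is out of scope here
        return True
    return any(src in net and proto == p and dport == port
               for net, p, port in EGRESS_ALLOW)

def denied_flows(text):
    """Return flows an 'allow all outbound' firewall would pass silently."""
    flows = [parse_flow(l) for l in text.splitlines() if l.strip()]
    return [f for f in flows if f[0] in INTERNAL and not egress_allowed(*f)]

def hosts_to_investigate(text):
    """Count denied egress attempts per internal source."""
    return Counter(str(f[0]) for f in denied_flows(text))

if __name__ == "__main__":
    for src, dst, proto, dport in denied_flows(SAMPLE_FLOWS):
        print(f"DENY+LOG {src} -> {dst} {proto}/{dport}")
```

The direct connection to port 80 from the workstation is denied as well: a commonly allowed port is only reachable through the proxy, so a client that bypasses it shows up in the deny log.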