mailing list archives
Re: Interesting idea for a covert channel or I just didn't research enough?
From: Mario 'BitKoenig' Holbe <Mario.Holbe () TU-Ilmenau DE>
Date: Thu, 6 Oct 2005 14:43:46 +0200
PASTOR ADRIAN <M123303 () Richmond ac uk> wrote:
It works like this: the backdoor enables logging in the host-level =
firewall for all dropped packets, say Windows XP SP2 Firewall. Then the =
Well, if the backdoor is able to enable logging in the packet filter
(i.e. configure the packet filter) it should also be able to add some
(as qualified as needed) pass rule, shouldn't it?
This should be far less noisy, far less performance consuming and
not more noticeable than the modification of other settings.
As a rule, the more bizarre a thing is, the less mysterious it proves to be.
-- Sherlock Holmes by Arthur Conan Doyle
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/