Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Interesting idea for a covert channel or I just didn't research enough?
From: Mario 'BitKoenig' Holbe <Mario.Holbe () TU-Ilmenau DE>
Date: Thu, 6 Oct 2005 14:43:46 +0200

PASTOR ADRIAN <M123303 () Richmond ac uk> wrote:
It works like this: the backdoor enables logging in the host-level =
firewall for all dropped packets, say Windows XP SP2 Firewall. Then the =

Well, if the backdoor is able to enable logging in the packet filter
(i.e. configure the packet filter) it should also be able to add some
(as qualified as needed) pass rule, shouldn't it?
This should be far less noisy, far less performance consuming and
not more noticeable than the modification of other settings.

As a rule, the more bizarre a thing is, the less mysterious it proves to be.
                                    -- Sherlock Holmes by Arthur Conan Doyle

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]