Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Interesting idea for a covert channel or I just didn't research enough?
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Thu, 06 Oct 2005 09:49:57 -0400

attacker sends packets -> packets are dropped by firewall -> packets properties are captured in logs -> backdoor reads logs and finds encoded commands -> commands are executed

As a covert channel? .. no, it's a waste. Once you have the access to set that up, you could establish any number of more efficient schemes.

As a way to do a "remote wake-up" though .. it might have some promise .. but it still depends on too many other variables.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]