Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Interesting idea for a covert channel or I just didn't research enough?
From: Jurjen Oskam <jurjen () stupendous org>
Date: Thu, 6 Oct 2005 19:35:09 +0200

On Thu, Oct 06, 2005 at 10:06:24AM +0100, PASTOR ADRIAN wrote:

   Please, if you know anything related to backdoors intercepting
   commands from log files send me some links. Ideas, comments and flames
   are more than welcome :-) .

I myself use this method to open up the SSH port for a particular IP
address. When you try to open a particular URL on my website, you get a 404
because that document doesn't exist. The webserver logs this. A script in
the background sees in the log that this happened, and opens up port 22 to
the IP address which requested the non-existant URL.

Jurjen Oskam
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]