|
Security Incidents
mailing list archives
RE: Virus/Trojan tunnel out from behind firewall?
From: "Bill Royds" <email () royds net>
Date: Mon, 25 Feb 2002 08:08:32 -0500
That is the behavior of Nimda. It arrives as an email virus or from an infected web site, then creates a backdoor for
others to attack the server. Many newer virus/worms attempt to connect to particular hosts on the internet after
infection. These have normally been detected and stopped because of this behavior as no ISP wants to be blacklisted
because it hosts the destination of worms.
-----Original Message-----
From: David Carmean [mailto:dlc () halibut com]
Sent: Sun February 24 2002 14:15
To: incidents () securityfocus com
Subject: Virus/trojan tunnel out from behind firewall?
Greetings. New to the list; have looked through a few months of
the archives and hadn't seen this come up:
Have there been any cases of a trojan/virus/etc tunnelling out from
behind a firewall and thus providing an attacker a way into the
"chewy center"?
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
|
Intro
