Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: GSoC 2011 My Two Ideas
From: Jonathan R <agentsmith15 () gmail com>
Date: Tue, 22 Mar 2011 12:03:10 -0500

Hey Eugene,

From what I have seen with keyloggers lately is that a lot of them don't
open ports. They either mail their logs or upload them to a ftp account.

Also with some of the newer backdoors opening a port is optional. Most will
connect back to the attacker so the attacker always knows the address of his
victim(s).

In order to detect these types of malware we would have to see some kind of
open port. So writing these types of scripts would be difficult, and hard to
manage.


Jonathan



On Tue, Mar 22, 2011 at 9:39 AM, Eugene Melnichenko <
my.email.eugene () gmail com> wrote:

Hi!!!
It's Eugene :)
I have a couple of proposals, they relate to the Project:
Vulnerability and exploitation specialist and Malware detection
scripts.
Here:
1. Possible threat category (keylogger, backdoor, etc.) and its level
(Malware detection).
2. What programming language was used, a possible country of origin,
etc. (Malware and Exploit).
What do you think about these ideas?
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]