Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] IP Tunneling over DNS
From: Pawel Maciejewski <lukeskyw () SOWATECH COM PL>
Date: Mon, 11 Sep 2000 23:13:38 +0200

I think you can use for tunnelling almost every IP protocol, which will pass
through firewall and routers to the Internet. ICMP is one of the ways, maybe
easiest to implement.

But i think that tunnelling is not so dangerous as passive trojans.

In example : hacker sends spoofed e-mail from Windows Update to some user
who works in some company. The user unpacks, and installs fake "update", and
in a matter of fact he installs a passive client-trojan, which determines
what type of packets are allowed to go outside, is this workstation using a
proxy server etc..., and connects to some server, with installed
server-trojan on it (using allowed protocols or even proxy commands). The
trojan-client gets commands from the bogus-server, and then sends the
results to it (same, using allowed protocols, or proxy, it doesnt matter).
Think about things you can implement into your trojan client/server :) It
can be almost everything...


-= Signed =-
-= Pawel Maciejewski =-

"I had a dream I was a Jedi"
include <netinfo.h>
char e-mail[]="lukeskyw () sowatech com pl";
char www[]="http://skywalker.hack.pl";;

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]