Firewall Wizards mailing list archives
Re: nmapbot: using instant messaging as a remote administration tool
From: Kevin <KKadow () gmail com>
Date: Wed, 6 Oct 2004 00:15:01 -0500
I do not want to discourage you, however this is not new ground. On Tue, 05 Oct 2004 00:53:14 -0400, Abe Usher <abe.usher () sharp-ideas net> wrote:
I've created a small proof of concept named "nmapbot" that shows it is possible to use instant messaging as a platform for remote command and control of computer systems.
I guess you haven't had the joy of dealing with any of the dozens of Windows trojans in the past several years (SDbot, etc) which carry remote backdoor IRC bots, some of which include nmap explicitly. The first documented instance I can find (in a cursory search) of an IRC bot with nmap hooks dates to 1999, implemented by Yasholomew Yashinski.
Purpose: - -------- To create a semi-intelligent security bot that uses instant messaging as a platform for receiving commands and returning results. Method: - ------- Using Python, the AOL TOC protocol, Bayesian language processing, and nmap 3.70, I hacked together a little bot that can run nmap and ping. Future editions will include additional commands =)
Bayesian language processing?
Security pundits have been promoting the idea that IM is unsafe for several years...
Absolutely. However this type of "willing agent" insider attack may not be a particularly good example of the reasons why pundits are so down on IM protocols across security boundaries.
nmapbot provides some new considerations to an old idea -- using ordinarily legitimate communication channels for unintended purposes.
I'll admit that doing this with AOL Instant Messenger may be a new twist. You might want to look into tying into GPG to provide authentication of the command channel. With the wrong (or right) options, nmap can look a lot like a DoS... Kevin _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- nmapbot: using instant messaging as a remote administration tool Abe Usher (Oct 05)
- Re: nmapbot: using instant messaging as a remote administration tool Kevin (Oct 06)
- Re: nmapbot: using instant messaging as a remote administration tool Paul D. Robertson (Oct 06)