Metasploit mailing list archives
slightly off topic but pertinent
From: Chip <jeffschips () gmail com>
Date: Tue, 22 Nov 2011 12:53:44 -0500
I traditionally run a network sniffer on my network to see what's up. I've been noticing lately that Kaspersky AV is reporting back to home using a protocol called sebek. From what I can gather, sebek is a client/server protocol/setup whereby a client (perhaps a PC) has installed a piece of software that communicates with a server (Kaspersky?) using the sebek protocol. If you read up on it, it seems to be a protocol that will replay back on the server the processes and activities of a user.
According to the paper in the link provided below, it is a kernel-based data capture tool.
I find it suspicious and unsettling that Kaspersky has installed this on some of my lab's PCs.
Any feedback or information on what this really does/is would be greatly appreciated.
Especially on how to block it using iptables. Thanks.

http://old.honeynet.org/papers/sebek.pdf

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework