Security Basics mailing list archives
RE: Establish persistant outbound connection for covert application
From: "Burton Strauss" <Burton () FelisCatus org>
Date: Wed, 24 Aug 2005 16:06:10 -0500
There was a product just recently discussed on one of these lists that is a USB key Linux server. It's powered by the USB port and reportedly has full access to the host's drives. IIRC it's a company called BlackDog. Yes:

http://www.webpronews.com/news/ebusinessnews/wpn-45-20050816BlackDogALittleServerWithBite.html
http://www.infoworld.com/article/05/08/10/HNusbserver_1.html

Would something like that work?

-----Burton

-----Original Message-----
From: David Siles [mailto:ctowizkid () gmail com]
Sent: Tuesday, August 23, 2005 5:17 PM
To: security-basics () securityfocus com
Subject: Establish persistant outbound connection for covert application

Hello all,

I am looking for some additional ideas for an application we are trying to use for a law enforcement application. We are currently using a product that allows us to install a software shim on a suspect's PC and then connect into the PC at any given time to perform forensic analysis. While this works great, we consistently run into the problem of personal firewalls, NAT devices, SP2, and other ACLs that prevent us from connecting into the suspect machine. While we usually have the suspect's full cooperation in the monitoring efforts and we can initially configure their network and/or PC configuration to allow this communication, things get changed. Also, we run into the problem of dynamic addressing changing on us, which can be a pain to keep track of unless we install some type of dyn DNS solution.

To tackle this problem I have been able to set up SSH tunneling, making the suspect's computer establish the SSH connection to our external-facing test box and then having our forensic station connect in and use the SSH to redirect the tunneling, but I would like to come up with a better method. I am asking if anyone has ideas on this to either reply to the list for the benefit of all or contact me directly. I am looking for something that will connect outbound, preferably covertly as a background/hidden process (e.g. fooing a netcat/cryptcat connection) to an awaiting connection server or service for redirection. SSH may be the best process here, but I don't like having to open an SSH tunnel for this. The application we are using is already running encrypted traffic, so adding another layer of encryption also slows it down.

The capability to make this application call home will be of great benefit to many in the LEO community, and if you're interested in what we are doing, please feel free to contact me offlist.

Thanks,
Dave Siles