Security Basics mailing list archives
RE: UDP question
From: Patrick Kobly <patrick () kobly com>
Date: Tue, 8 Oct 2013 09:00:07 -0600
-----Original message----- From: ToddAndMargo <ToddAndMargo () zoho com> Sent: Tue 08-10-2013 00:57 Subject: UDP question To: security-basics () securityfocus com;
I am a bit confused: 1) "unless a TCP scan or other sources indicate". Okay. How would a UDP port that was open give you any indication that it was open with a TCP scan?
Some services listen on both TCP and UDP (i.e. DNS, ONC RPC - NFS, SNMP) and may provide different behaviour when communicated with via TCP than when communicated with via UDP.
2) "for example SNMP, NFS, the Back Orifice Trojan backdoor". Is he talking about a compromised system or a system with a bunch of poorly thought out services running on it?
Both. The article is agnostic to the purposes for which the tool is being used.
3) It is my understanding, that the malicious programs on a compromised system do not act as a server, meaning they do not open ports. As I understand it, they communicate with their evil puppet masters by establishing out going connections to avoid the firewall. They same way I avoid firewalls with Go To Assist. Am I wrong here?
There is a wide variety of malware out there. Sometimes C&C is handled by outbound connections, sometimes it's handled by just listening to a port. Smart attackers are aware of the context that their malware is installed in and choose the appropriate medium for the job. I noticed in another email that you're starting to look at Metasploit. You'll find that msf has a number of different payloads - some of them reverse, some of them listeners. PK
Many thanks, -T -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- UDP question ToddAndMargo (Oct 08)
- <Possible follow-ups>
- RE: UDP question Patrick Kobly (Oct 08)
- Re: UDP question ToddAndMargo (Oct 15)
- Re: UDP question ToddAndMargo (Oct 16)
- Message not available
- Re: UDP question ToddAndMargo (Oct 17)
- Message not available
- Re: UDP question ToddAndMargo (Oct 28)
- Re: UDP question ToddAndMargo (Oct 28)