Security Incidents mailing list archives
"closed-port" backdoors
From: Andreas Hasenack <andreas () CONECTIVA COM BR>
Date: Wed, 21 Mar 2001 17:03:49 -0300
Has somebody seen in the wild a type of backdoor where no ports are open until a specifig set of packets are sent to the machine? For example, the backdoor would only bind to port X if the machine receives SYN packets to three other ports in sequence. I've seen code to do this (and sorry if it's not new), but I haven't seen rootkits using it.
Current thread:
- "closed-port" backdoors Andreas Hasenack (Mar 21)
- Virus sig? John R. Sciandra (Mar 22)
- Re: "closed-port" backdoors Alexander Reelsen (Mar 22)
- Re: "closed-port" backdoors Fernando Cardoso (Mar 22)
- Re: "closed-port" backdoors Valdis Kletnieks (Mar 22)
- Re: "closed-port" backdoors Andreas Hasenack (Mar 22)
- Re: "closed-port" backdoors Joe Boyle (Mar 22)
- <Possible follow-ups>
- Re: "closed-port" backdoors Frank Knobbe (Mar 22)
- Re: "closed-port" backdoors Andreas Hasenack (Mar 22)
- Re: "closed-port" backdoors M ixter (Mar 23)