Security Incidents mailing list archives
Re: Virus/trojan tunnel out from behind firewall?
From: Mike Shaw <mshaw () wwisp com>
Date: Mon, 25 Feb 2002 17:30:41 -0600
Sounds like "shell shoveling". With the source code to Netcat, a decent coder could make a shell shovelling program easily. Then 'glue' it to the elf-bowling du-jour and fakemail to your favorite target. This will bypass many if not the majority of FW configs.
If you wanted to get real jiggy, you could make it connect to an IRC server and wait for commands to 'shovel' on cue. OR, periodically check an HTTP discussion group waiting for the key-phrase. Call it ''manchurian 1.0"....*sigh* if I only had the time.
-Mike At 10:22 PM 2/24/2002 -0600, Rich Puhek wrote:
David Carmean wrote: > > Greetings. New to the list; have looked through a few months of > the archives and hadn't seen this come up: > > Have there been any cases of a trojan/virus/etc tunnelling out from > behind a firewall and thus providing an attacker a way into the > "chewy center"? Do you mean a trojan/virus that actively establishes a tunnel through SSH, etc to an outside machine as a method of bypassing a stateful firewall? Or do you just mean that a trojan/virus/etc has provided an opening despite the firewall? I'd also consider the gray areas in between, like worms/trojans that transfer into (passwds, etc) back through SMTP, HTTP, or IRC. --Rich _________________________________________________________ Rich Puhek ETN Systems Inc. _________________________________________________________ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Virus/trojan tunnel out from behind firewall? David Carmean (Feb 24)
- RE: Virus/Trojan tunnel out from behind firewall? Bill Royds (Feb 25)
- Re: Virus/trojan tunnel out from behind firewall? Rich Puhek (Feb 25)
- Re: Virus/trojan tunnel out from behind firewall? David Carmean (Feb 25)
- Re: Virus/trojan tunnel out from behind firewall? Rich Puhek (Feb 25)
- Re: Virus/trojan tunnel out from behind firewall? Ben Efros (Feb 26)
- Re: Virus/trojan tunnel out from behind firewall? Mike Shaw (Feb 25)
- RE: Virus/trojan tunnel out from behind firewall? M.Verba (Feb 26)
- Re: Virus/trojan tunnel out from behind firewall? David Carmean (Feb 25)
- Re: Virus/trojan tunnel out from behind firewall? Ryan Russell (Feb 25)