Penetration Testing mailing list archives
Re: Political Analysis of Security Products
From: E <j46 () btinternet com>
Date: Wed, 06 Feb 2002 14:33:03 +0000
Packet based triggers would stand out like a sore thumb in any properly monitored network. Something like that would have been discovered a long time ago. (That is an amateur way to backdoor something. This is Checkpoint we are talking about here, not linux hackers playschool group...) Especially if you use an abnormal packet (abnormal doesn't always mean IDS will miss it, and against a background pattern of "normal" traffic, something like a type 40 ICMP would look very suspicious). The chances are in a sophisticated piece of software like FW-1, a backdoor would be _properly_ hidden.

It has occurred to me that a much more insidious way to backdoor high profile software is to intentionally write remotely exploitable bugs into the code. This could go undetected for a very long time in closed source software, with the authors being aware of the hole long before the public security community discovers it (if it ever discovers it). When the bug is discovered by the public, the immediate reaction is to just assume it's down to sloppy coding - vendor is informed, patches etc. released. This is all very well for open source products - but with closed source, you have no idea how many more such holes could be engineered in.

The only problem with this idea is that a company who produces commercial security software does NOT want to have bugs discovered in its code, it is against its interest, because a remote security flaw doesn't do much for their reputation. On the other hand, when you have a big company whose software regularly has security issues, these become the norm and no one questions it when a new one appears.

Frankly, you just can't trust closed source security products. This is like asking someone to install a home-made alarm in your house, without knowing if they are a convicted thief... It's a question of trust, and if you don't trust it, don't use it.

Kurt Seifried wrote:
Open port, to accept packets? No. It's a firewall. Hint: it already sees all the network traffic. You can easily add a backdoor to a product like that to (for example) take ICMP packets of a special type not often used (say type 40) and if they meet a special checksum/md5hash with secret you decrypt the contents and carry out those instructions. There are some examples of this, icmp backdoors, and the like for various UNIX systems.

The only way to find stuff like this is a source code audit.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
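The point E makes above, that a rarely used ICMP type sticks out against a baseline of normal traffic once someone actually looks at the logs, is the kind of thing a monitoring team can check mechanically. The script below is an added illustration and is not part of the thread; it parses a constructed firewall log in a hypothetical key=value format, builds a per-type histogram of ICMP traffic, and reports any type outside an expected baseline together with how often it appeared and from which sources. The baseline set and the log format are assumptions for the example, not something a real product emits.

```python
"""Flag ICMP types outside an expected baseline in firewall log lines."""
import re
from collections import Counter, defaultdict

# Constructed sample firewall log in a hypothetical key=value format.
# The addresses, timestamps and the two type=40 packets are made up for
# the example; they are not taken from any real device or from the thread.
SAMPLE_LOG = """\
2002-02-06T14:31:02 proto=icmp src=10.0.0.5 dst=10.0.0.1 type=8 code=0
2002-02-06T14:31:02 proto=icmp src=10.0.0.1 dst=10.0.0.5 type=0 code=0
2002-02-06T14:31:07 proto=icmp src=10.0.0.9 dst=192.0.2.10 type=8 code=0
2002-02-06T14:31:07 proto=icmp src=192.0.2.10 dst=10.0.0.9 type=0 code=0
2002-02-06T14:31:15 proto=icmp src=10.0.0.1 dst=10.0.0.7 type=3 code=3
2002-02-06T14:31:20 proto=icmp src=198.51.100.4 dst=10.0.0.1 type=40 code=0
2002-02-06T14:31:25 proto=icmp src=10.0.0.1 dst=10.0.0.7 type=11 code=0
2002-02-06T14:31:30 proto=icmp src=198.51.100.4 dst=10.0.0.1 type=40 code=0
2002-02-06T14:31:44 proto=tcp src=10.0.0.5 dst=10.0.0.1 sport=40123 dport=22
"""

# ICMP types that ordinary traffic produces: echo reply (0), destination
# unreachable (3), echo request (8), time exceeded (11).  This baseline is
# an assumption for the example; a real deployment would derive it from
# its own observed traffic.
EXPECTED_TYPES = frozenset({0, 3, 8, 11})

LINE_RE = re.compile(
    r"^(?P<ts>\S+) proto=icmp src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"type=(?P<type>\d+) code=(?P<code>\d+)"
)


def parse_icmp(log_text):
    """Return one dict per ICMP line; lines for other protocols are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": m["ts"], "src": m["src"], "dst": m["dst"],
            "type": int(m["type"]), "code": int(m["code"]),
        })
    return events


def type_histogram(events):
    """Packets per ICMP type: the 'background pattern' the odd type is judged against."""
    return Counter(e["type"] for e in events)


def unexpected_icmp(events, expected=EXPECTED_TYPES):
    """Group packets whose type is outside the baseline.

    Returns a list of (type, count, sorted source addresses), one entry per
    unexpected type, so a repeated oddity from one host is visible at a glance.
    """
    by_type = defaultdict(list)
    for e in events:
        if e["type"] not in expected:
            by_type[e["type"]].append(e)
    return [
        (t, len(evs), sorted({e["src"] for e in evs}))
        for t, evs in sorted(by_type.items())
    ]


def report(log_text, expected=EXPECTED_TYPES):
    """Human-readable summary; returns the alert list for callers that want it."""
    events = parse_icmp(log_text)
    hist = type_histogram(events)
    print("ICMP types seen:", dict(sorted(hist.items())))
    alerts = unexpected_icmp(events, expected)
    for icmp_type, count, sources in alerts:
        print(f"ALERT: ICMP type {icmp_type} seen {count}x from {', '.join(sources)}")
    return alerts


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

On the sample data the histogram shows only types 0, 3, 8 and 11 apart from two type 40 packets, both from one outside address, which is exactly the "stands out like a sore thumb" case. The check is deliberately about type frequency and source, not packet contents: it does not need to know what a hypothetical trigger would look like, only what the network's normal ICMP mix is.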
Current thread:
- Political Analysis of Security Products pentestlist (Feb 05)
- Re: Political Analysis of Security Products William D. Colburn (aka Schlake) (Feb 05)
- Re: Political Analysis of Security Products R. DuFresne (Feb 05)
- Re: Political Analysis of Security Products ed (Feb 05)
- Re: Political Analysis of Security Products Kurt Seifried (Feb 05)
- Re: Political Analysis of Security Products E (Feb 06)
- Re: Political Analysis of Security Products Charles 'core' Stevenson (Feb 05)
- Re: Political Analysis of Security Products Rainer Duffner (Feb 05)
- Re: Political Analysis of Security Products Patrick Oonk (Feb 06)
- Re: Political Analysis of Security Products yossarian (Feb 05)
- <Possible follow-ups>
- RE: Political Analysis of Security Products Brass, Phil (ISS Atlanta) (Feb 05)
- RE: Political Analysis of Security Products Moonen, Ralph (Feb 06)