RE: DC Phone Home from BH 2002?

[Mark Melonson <blindtechie () yahoo com>]

Alright, please somebody correct me if my personal
definition of this is off, but:

When using "phone-home" attacks, I have found that the
best methods are to loosen security on the host,
possibly introducing a daemon or two to and port
redirectors, etc... I then use this to connect to a
preconfigured box, which I then use to invade the box
that's phoning home, transporting files, tools, etc...
as needed. It's all about access! In order to save
some time with such attacks, I have found that
Knoppix-STD is probably the best distribution for
running on the target machine. It's ideal if you have
a team, due to the fact that one can work on
establishing the "phone-home" while others are working
inside the network. Sorry if I can't give true
examples of such a technique... It's nice though,
because physical access, htough beautiful, is not
needed. However local access is a necessity or at
least enough to create local access. I hope this
helped.

Best regards,
-Mark L. Melonson
Freelance IT Professional (Security Specialist)


--- Eric Martinez <umdebaba () rgv rr com> wrote:
> What you can do is download a precompiled linux for
> dreamcast, burn it
> to a cd, and compile some tools on it that would
> demonstrate the
> dreamcast penetrating the network from the inside.
> Here's a link to a
> precompiled linux for dreamcast
> http://www.m17n.org/linux-sh/dreamcast/
> There are others but I'm am not sure which ones are
> the best. Check the
> message boards at dcemulation.com for more help.
>
> -Eric
------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention
> this ad and get $545 off
> any course! All of our class sizes are guaranteed to
> be 10 students or less
> to facilitate one-on-one interaction with one of our
> expert instructors.
> Attend a course taught by an expert instructor with
> years of in-the-field
> pen testing experience in our state of the art
> hacking lab. Master the skills
> of an Ethical Hacker to better assess the security
> of your organization.
> Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>
-------------------------------------------------------------------------------
>



        
                
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------