Re: idea for improving security

To: debian-security@lists.debian.org
Subject: Re: idea for improving security
From: Alexander Reelsen <ref@tretmine.org>
Date: Wed, 7 May 2003 12:50:18 +0200
Message-id: <20030507105018.GB9627@tretmine.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20030507002254.GU23836@umnh.utah.edu>
References: <3EB7F9DC.2000501@iit.edu> <20030507002254.GU23836@umnh.utah.edu>

Hi

On Tue, May 06, 2003 at 06:22:54PM -0600, Will Aoki wrote:
> I believe that there are rootkits in the wild which do this.
Yepp. Found some standard rootkits with that thing as addition.

> Although I can't find the reference I had to it, I believe that some
> listen for traffic on a rare or unallocated protocol before opening a
> backdoor.
http://www.phenoelit.de/stuff/cd00r.c
has been used sometimes on compromised machines...


MfG/Regards, Alexander

-- 
Alexander Reelsen   http://tretmine.org
ref@tretmine.org

Reply to:

References:
- idea for improving security
  - From: Mark Edgington <edgimar@iit.edu>
- Re: idea for improving security
  - From: Will Aoki <waoki@umnh.utah.edu>

Prev by Date: Re: idea for improving security
Next by Date: Re: idea for improving security
Previous by thread: Re: idea for improving security
Next by thread: Re: idea for improving security
Index(es):
- Date
- Thread