Re: idea for improving security
Hi
On Tue, May 06, 2003 at 06:22:54PM -0600, Will Aoki wrote:
> I believe that there are rootkits in the wild which do this.
Yepp. Found some standard rootkits with that thing as addition.
> Although I can't find the reference I had to it, I believe that some
> listen for traffic on a rare or unallocated protocol before opening a
> backdoor.
http://www.phenoelit.de/stuff/cd00r.c
has been used sometimes on compromised machines...
MfG/Regards, Alexander
--
Alexander Reelsen http://tretmine.org
ref@tretmine.org
Reply to: