Re: Writing Trojans that bypass Windows XP Service Pack 2 Firewall

From: Jay Calvert (jrcalvert_at_gmail.com)
Date: 10/16/04

    Date: 15 Oct 2004 23:49:31 -0000
    To: bugtraq@securityfocus.com
    
    
    In-Reply-To: <FEBC66CCD411744381228574BAB53A9B8035D0@MAIL.fac.gatech.edu>

    A trojan could just as easily disable the firewall with
    a simple net stop command. I posted this yesterday but failed to get it listed for some reason.

    http://habaneronetworks.com/viewArticle.php3?ID=51

