RE: Virus/Trojan tunnel out from behind firewall?

From: Bill Royds (email@royds.net)
Date: 02/25/02


From: "Bill Royds" <email@royds.net>
To: "David Carmean" <dlc@halibut.com>, <incidents@securityfocus.com>
Date: Mon, 25 Feb 2002 08:08:32 -0500

That is the behavior of Nimda. It arrives as an email virus or from an infected web site, then creates a backdoor for others to attack the server. Many newer viruses/worms attempt to connect to particular hosts on the internet after infection. These have normally been detected and stopped because of this behavior, as no ISP wants to be blacklisted because it hosts the destination of worms.

-----Original Message-----
From: David Carmean [mailto:dlc@halibut.com]
Sent: Sun February 24 2002 14:15
To: incidents@securityfocus.com
Subject: Virus/trojan tunnel out from behind firewall?

Greetings. New to the list; have looked through a few months of
the archives and hadn't seen this come up:

Have there been any cases of a trojan/virus/etc tunnelling out from
behind a firewall and thus providing an attacker a way into the
"chewy center"?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



