Re: Intrusec 55808 Trojan Analysis
From: Peter Busser (peter_at_trusteddebian.org)
Date: 06/25/03
- Previous message: Dave Phelps: "Re: War Dial on my PBX"
- In reply to: David J. Meltzer: "RE: Intrusec 55808 Trojan Analysis"
- Next in thread: Philippe Bourgeois: "Re: Intrusec 55808 Trojan Analysis"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Jun 2003 09:02:04 +0200 To: incidents@securityfocus.com
Hi!
> Since it can be delivered anywhere
> on the subnet the trojan is listening promiscuously on, it is difficult
> to figure out where the trojan is actually located even upon capturing
> this command.
But you can also use that command to your own advantage. Simply regularly
inject messages which will make the trojan try to contact a machine you own.
The trojan will then expose itself.
Groetjes,
Peter Busser
-- Adamantix - Taking high-security Linux out of the labs, and into the world. http://www.adamantix.org/ ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
- Previous message: Dave Phelps: "Re: War Dial on my PBX"
- In reply to: David J. Meltzer: "RE: Intrusec 55808 Trojan Analysis"
- Next in thread: Philippe Bourgeois: "Re: Intrusec 55808 Trojan Analysis"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
