Re: Political Analysis of Security Products

• Previous message: ed@the7thbeer.com: "Re: Political Analysis of Security Products"
• In reply to: R. DuFresne: "Re: Political Analysis of Security Products"
• Next in thread: E: "Re: Political Analysis of Security Products"
• Next in thread: Charles 'core' Stevenson: "Re: Political Analysis of Security Products"
• Reply: E: "Re: Political Analysis of Security Products"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Kurt Seifried" <bugtraq@seifried.net>
To: "R. DuFresne" <dufresne@sysinfo.com>, <pentestlist@hushmail.com>
Date: Tue, 5 Feb 2002 12:15:46 -0700

Open port, to accept packets? No. It's a firewall. Hint: it already sees all
the network traffic. You can easily add a backdoor to a product like that to
(for exmaple) take ICMP packets of a special type not often used (say type
40) and if they meet a special checksum/md5hash with secret you decrupt the
contents and carry out those instructions. There are some examples of this,
icmp backdoors, and the like for various UNIX systems. The only way to find
stuff like this is a source code audit.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Previous message: ed@the7thbeer.com: "Re: Political Analysis of Security Products"
• In reply to: R. DuFresne: "Re: Political Analysis of Security Products"
• Next in thread: E: "Re: Political Analysis of Security Products"
• Next in thread: Charles 'core' Stevenson: "Re: Political Analysis of Security Products"
• Reply: E: "Re: Political Analysis of Security Products"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Forwarding sniffed packets ... Subject: Forwarding sniffed packets ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: Forwarding sniffed packets ... > if a packet crafter has been created yet that can create ESP packets. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: Forwarding sniffed packets ... Subject: Forwarding sniffed packets ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Forwarding sniffed packets ... Anyone out there familiar with a tool that would allow one to sniff packets ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: Political Analysis of Security Products ... is unlikely that a potential backdoor was contained in there. ... is partly built by companies that are either subcontractor of Mossad ... TELCOs are concered by this, because, at least in Germany, every TELCO ... This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint