How to hide a file ?
From: Kurt Seifried (bugtraq@seifried.org)Date: 01/11/02
- Previous message: diphen@agitation.net: "RPC/TCP Record Marking for IDS Evasion"
- In reply to: Farahbakhshian, Mike (OD): "RE: How to hide a file ?"
- Maybe reply: Ed Moyle: "RE: How to hide a file ?"
- Maybe reply: Altheide, Cory: "RE: How to hide a file ?"
- Maybe reply: Farahbakhshian, Mike (OD): "RE: How to hide a file ?"
- Maybe reply: Altheide, Cory: "RE: How to hide a file ?"
- Maybe reply: Mike Theriault: "RE: How to hide a file ?"
- Maybe reply: Altheide, Cory: "RE: How to hide a file ?"
- Maybe reply: Farahbakhshian, Mike (OD): "RE: How to hide a file ?"
- Maybe reply: Incs, Harry: "RE: How to hide a file ?"
- Maybe reply: Ed Moyle: "RE: How to hide a file ?"
- Maybe reply: Pete Simpson: "RE: How to hide a file ?"
- Maybe reply: Farahbakhshian, Mike (OD): "RE: How to hide a file ?"
- Maybe reply: Young, Brandon: "RE: How to hide a file ?"
- Maybe reply: Vincent Tiu (AV-PH): "RE: How to hide a file ?"
- Maybe reply: Farahbakhshian, Mike (OD): "RE: How to hide a file ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Kurt Seifried" <bugtraq@seifried.org> To: <vuln-dev@security-focus.com> Date: Thu, 10 Jan 2002 20:14:41 -0700
Just a note: Tripwire will pick it up, i.e. if you add an ADS to a file
tripwire will flag it, and if a file has an ADS that is modified or removed
tripwire will also flag it (with MD5sum/etc just like a normal file). The
other good news is if you add an ADS stream to a directory such as WINNT or
system32 it will detect it. Of course any files or dirs not listed in your
policy will escape tripwire, but then that's no big surprise. So my advice:
use ADS on files specifically excluded by tripwire if you want to hide
things.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
- Previous message: diphen@agitation.net: "RPC/TCP Record Marking for IDS Evasion"
- In reply to: Farahbakhshian, Mike (OD): "RE: How to hide a file ?"
- Maybe reply: Ed Moyle: "RE: How to hide a file ?"
- Maybe reply: Altheide, Cory: "RE: How to hide a file ?"
- Maybe reply: Farahbakhshian, Mike (OD): "RE: How to hide a file ?"
- Maybe reply: Altheide, Cory: "RE: How to hide a file ?"
- Maybe reply: Mike Theriault: "RE: How to hide a file ?"
- Maybe reply: Altheide, Cory: "RE: How to hide a file ?"
- Maybe reply: Farahbakhshian, Mike (OD): "RE: How to hide a file ?"
- Maybe reply: Incs, Harry: "RE: How to hide a file ?"
- Maybe reply: Ed Moyle: "RE: How to hide a file ?"
- Maybe reply: Pete Simpson: "RE: How to hide a file ?"
- Maybe reply: Farahbakhshian, Mike (OD): "RE: How to hide a file ?"
- Maybe reply: Young, Brandon: "RE: How to hide a file ?"
- Maybe reply: Vincent Tiu (AV-PH): "RE: How to hide a file ?"
- Maybe reply: Farahbakhshian, Mike (OD): "RE: How to hide a file ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
