Re: Can trojan bypass sniffer?
From: Don Kelloway (dkelloway@commodon.com)
Date: 12/02/02
- Next message: Jay: "Help Needed With Website"
- Previous message: sleepy: "Re: iptables vs pix"
- In reply to: Mark: "Can trojan bypass sniffer?"
- Next in thread: blooven: "Re: Can trojan bypass sniffer?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Don Kelloway" <dkelloway@commodon.com>
Date: Mon, 02 Dec 2002 06:38:04 GMT
Unless configured otherwise via a ruleset/filter within the application
itself, a sniffer is designed to capture ALL traffic originating from within
the same system. The keywords in this statement are "unless configured
otherwise". In other words, if the sniffer has been configured to only
capture traffic of a certain protocol and the trojan in question is designed
to utilize a protocol that the sniffer hasn't been configured to capture,
then the trojan's traffic will go unnoticed.
--
Best Regards,
Don Kelloway
Commodon Communications
Visit http://www.commodon.com to learn about Back Orifice, NetBus, SubSeven, etc. All of which are "Threats to Your Security on the Internet".

"Mark" <noemail@noemail.com> wrote in message news:uuhtf79lce7c79@corp.supernews.com...
> By now we all know that there are techniques to bypass personal firewall
> (http://www.pcflank.com/art21.htm ). What is the situation with sniffers -
> network monitoring programs running on the same machine? Q1) Would they
> ALWAYS log traffic in and out of pc?
>
> Q2) For example, if I am running sniffer (let's say CommView or use BlackIce
> to log traffic ) on the same machine, and suspect that I have Trojan with
> emailing ability on my system, is it sufficient to just examine captured
> frames for emails (smtp/pop3 traffic) to make sure that I do not have
> Trojan?
>
> Q3) Question becomes where exactly typical sniffer hooks on network stack,
> and can Trojan bypass it (for example Trojan could have its own tcp-socket
> library ).
>
> Q4) Are there other methods except emails that Trojans use to deliver for
> example logged keystrokes, and what are they - how to recognize them with
> sniffer?
>
> There are sniffers that capture and decode emails - that means already
> filter traffic during capture and decode it
> (http://www.zoranjuric.com/mailexposer/ ). Q5) If we assume that dominant
> method used by key loggers is to send emails with logs, could such programs
> be used for emailing-keylogger Trojan detection and how reliable would that
> be?
>
> Mark
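An added example, not part of the original thread, that makes Don's point concrete: a minimal frame decoder standing in for a sniffer's capture stage, run over constructed Ethernet/IPv4 frames once with no filter and once with a filter limited to SMTP/POP3 ports, so you can see which flows a mail-only capture never records. The hosts, ports and payloads are constructed sample values, and the decoder is deliberately minimal (IPv4 only, no checksums).

```python
import struct

MAIL_PORTS = {25, 110}  # SMTP and POP3, the only protocols the narrow filter admits

def build_frame(proto, sport, dport, payload=b""):
    """Assemble a constructed Ethernet II + IPv4 + TCP/UDP/ICMP frame for the demo."""
    eth = bytes(range(6)) + bytes(range(6, 12)) + b"\x08\x00"       # dst, src, IPv4
    if proto == 6:    # TCP, minimal 20-byte header, PSH+ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    elif proto == 17: # UDP
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:             # ICMP echo request
        l4 = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    return eth + ip + l4 + payload

def decode(frame):
    """Return (protocol, src_port, dst_port) as a sniffer's capture filter sees them."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return ("non-ip", None, None)
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    proto, l4 = frame[14 + 9], frame[14 + ihl:]
    if proto in (6, 17):
        sport, dport = struct.unpack("!HH", l4[:4])
        return ("tcp" if proto == 6 else "udp", sport, dport)
    return ("icmp" if proto == 1 else "ip-proto-%d" % proto, None, None)

def mail_only_filter(pkt):
    """Capture filter equivalent to 'tcp port 25 or tcp port 110'."""
    name, sport, dport = pkt
    return name == "tcp" and (sport in MAIL_PORTS or dport in MAIL_PORTS)

def run_capture(frames, accept):
    return [p for p in (decode(f) for f in frames) if accept(p)]

# Constructed traffic from one host: two mail sessions plus three non-mail flows.
SAMPLE_FRAMES = [
    build_frame(6, 40001, 25, b"MAIL FROM:<user@example.test>\r\n"),  # SMTP
    build_frame(6, 40002, 110, b"USER user\r\n"),                     # POP3
    build_frame(6, 40003, 80, b"POST /log HTTP/1.0\r\n"),             # HTTP
    build_frame(17, 40004, 53, b"\x12\x34\x01\x00"),                  # DNS
    build_frame(1, 0, 0, b"not mail at all"),                         # ICMP
]

def missed_by_mail_filter(frames=SAMPLE_FRAMES):
    """Packets an unfiltered capture records that the mail-only filter silently drops."""
    full = run_capture(frames, lambda p: True)      # "unless configured otherwise"
    narrowed = run_capture(frames, mail_only_filter)
    return [p for p in full if p not in narrowed]
```

Everything `missed_by_mail_filter()` returns is traffic a sniffer set to watch only SMTP/POP3 would never show you, which is why Q2's "just examine captured frames for emails" only answers Q2 if the capture filter was not narrowed in the first place.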