Re: Searching for a special challenge&response algorithm



Ah, I think I see what you are looking for now. Tell me if this looks
about right:

Completion of the challenge problem takes a long time if you don't
know the backdoor.

Challenge completion gives access to the authentication function (a
password request).

The server knows the backdoor and the password.

_______________________________

Server: "Here's a math problem. It's really hard, but you can
solve it." (ANYONE can solve the challenge function, but the server
can do it quickly because it knows the backdoor).

*Time passes.*

Attacker: "Ah ha! I figured out that problem you gave me!"

Server: "Good, now what's the password?"

Attacker: "Uh... One - two - three."

Server: "Wrong. Here's another math problem." (The backdoor will
work on this new problem too)?
_______________________________

I only understood after your most recent reply which explained some of
the loose variables: there is only one account (with one password) to
which everyone is trying to gain access, and the IP information is not
usable (in this case).

I do still like Mr. Moreno's solution, albeit there look to be some
implementation hurdles with regard to random key and challenge-message
generation, especially considering that the server would need to do
this every authentication request. On the other hand, in any solution
there is going to need to be some random challenge generation (given
the general form of the algorithm as explained above)...

Thank you for your patience.
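
One known construction with the shape outlined above is the Rivest-Shamir-Wagner time-lock puzzle: repeated squaring modulo n = p*q, where knowing phi(n) is the shortcut. The sketch below is an added example, not part of the original post and not Mr. Moreno's solution (which this message does not describe); the class and function names, the small constructed primes and the password hashing are assumptions for illustration.

```python
import hashlib, hmac, math, secrets

# Constructed demo primes (Mersenne primes); far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
T = 20_000  # sequential squarings a client must perform


class Server:
    def __init__(self, password, p=P, q=Q, t=T):
        self.n, self.t = p * q, t
        self._phi = (p - 1) * (q - 1)      # the backdoor: only the server knows it
        self._pw = hashlib.sha256(password.encode()).digest()  # demo only, not a KDF
        self._pending = {}                 # challenge -> expected answer

    def new_challenge(self):
        while True:                        # Euler's theorem needs gcd(x, n) == 1
            x = secrets.randbelow(self.n - 3) + 2
            if math.gcd(x, self.n) == 1:
                break
        e = pow(2, self.t, self._phi)      # shortcut: shrink the exponent 2^t
        self._pending[x] = pow(x, e, self.n)
        return x, self.n, self.t

    def login(self, x, answer, password):
        expected = self._pending.pop(x, None)   # each challenge is single use
        if expected is None or answer != expected:
            return False
        guess = hashlib.sha256(password.encode()).digest()
        return hmac.compare_digest(guess, self._pw)


def solve_slowly(x, n, t):
    """Client side: t squarings, each needing the previous result."""
    y = x % n
    for _ in range(t):
        y = y * y % n
    return y


if __name__ == "__main__":
    server = Server("correct horse")
    for attempt in ("one-two-three", "correct horse"):
        x, n, t = server.new_challenge()
        print(attempt, server.login(x, solve_slowly(x, n, t), attempt))
```

Every password guess costs the client T squarings, while the server pays two modular exponentiations per challenge; a failed login consumes the challenge, so the next guess needs a fresh puzzle.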
