On Wed, 31 May 2000, Graham Wheeler wrote:

> Kriss Andsten wrote:
<snip>
> > 'tis normally not that much of a problem. (Of course, if you have to
> > resort to sending data using If-Modified-Since: and get the replies in
> > the Cache*: headers, latency is a bit nasty ;-)
> 
> Not only that, but the amount of web traffic you'll have flowing between
> your client and server hosts could start alarm bells ringing. I don't
> think I'd have much difficulty figuring out what you were up to if I was
> administering the firewall in-between.

The traffic passing through the firewall need not be that dense. And even
if it was, heck, encode it, slab valid JPEG headers on it, call it .jpg,
and GET it...

Make a very slim trojan horse. Make sure it ends up on the target network,
on some Windows machine, using some of the usual delivery methods,
alternatively social engineering. (Sure, you can make 'em not run
attachments, but take some CD carrying magazine with a prepared CD and a
bogus letter saying 'free trial'.. we're talking humans here, after all)
Make sure the trojan visits a bogus site, let's call it 'a joke a day', and
GETs a JPEG containing commands. If you really feel like it, make it a
valid and viewable JPEG and hide the text utilizing steganography..

Now, execute the commands in the thing and send the results back to the
'joke a day' site as a GET request responding to something resembling a
poll the next day when the thing gets the next 'JPEG'..

Or, you could just encap the same data in say, five, DNS requests during
each 24 hour period..

Sure, takes a bucketload of time, but I dare bet a fiver it's nigh to
undetectable using normal tools.

So, I still say that if a network is connected to the Internet, in any
fashion, it's quite possible to tunnel data (in various amounts, granted)
to and from it in a stealthy fashion, if there's a cooperative party on
the inside.

> Dr Graham Wheeler                        E-mail: [EMAIL PROTECTED]

Kriss Andsten
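
Added example, not part of the original message: a defender-side structural check for HTTP bodies served as JPEG. It walks the marker segments and flags content that only carries JPEG headers, or that has data after the end-of-image marker. Function names and sample bytes are constructed for illustration; data hidden steganographically inside valid image data is out of its reach.

```python
import struct

# SOFn markers (frame headers): 0xC0-0xCF except DHT, JPG and DAC
SOF = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}
STANDALONE = {0x01, 0xD8, *range(0xD0, 0xD8)}  # markers with no length field

def skip_entropy(body, pos):
    """Return the offset of the first real marker after scan data."""
    while True:
        pos = body.find(b"\xff", pos)
        if pos < 0 or pos + 1 >= len(body):
            return len(body)
        if body[pos + 1] != 0x00 and not 0xD0 <= body[pos + 1] <= 0xD7:
            return pos
        pos += 2  # stuffed 0xFF00 or restart marker: still scan data

def inspect_jpeg(body):
    """Walk the marker segments; return a list of findings (empty = well-formed)."""
    if body[:2] != b"\xff\xd8":
        return ["missing SOI marker"]
    pos, n, frames, scans = 2, len(body), 0, 0
    while pos + 1 < n:
        if body[pos] != 0xFF:
            return [f"expected marker at offset {pos}"]
        marker = body[pos + 1]
        if marker == 0xFF:  # fill byte
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:  # EOI
            out = [] if frames and scans else ["EOI without frame header and scan"]
            return out + ([f"{n - pos} trailing bytes after EOI"] if pos < n else [])
        if marker in STANDALONE:
            continue
        if pos + 2 > n:
            break
        (seglen,) = struct.unpack(">H", body[pos:pos + 2])
        if seglen < 2 or pos + seglen > n:
            return [f"segment 0x{marker:02X} length overruns body"]
        pos += seglen
        frames += marker in SOF
        if marker == 0xDA:  # SOS: entropy-coded data follows the header
            scans += 1
            pos = skip_entropy(body, pos)
    return ["no EOI marker"]

def seg(marker, payload):  # helper to build the constructed samples
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

APP0 = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
CLEAN = (b"\xff\xd8" + APP0 + seg(0xC0, b"\x08\x00\x01\x00\x01\x01\x01\x11\x00")
         + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\x00\x56\xff\xd9")
HEADERS_ONLY = b"\xff\xd8" + APP0 + b"Y29uc3RydWN0ZWQ="  # JFIF header + opaque text
```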
