Well stated James, as usual. You'll have to excuse me if it appeared I participated in the pissing contest. Was only trying to reiterate my point, not to mention pointing out what I WASN'T talking about. It seemed there was some confusion.
James Tucker said:

> 4. Most viruses in circulation today use TCP/IP or higher level
> protocols, not native RS232.

AND

> Personally I never saw or heard of a virus which tries to communicate
> with another computer attached to an RS232 port (maybe a laplink
> virus or the like??), as this is an unusual scenario.

Exactly the point I was trying to make. Nothing more, nothing less.

> Rant over.

Aww, just when it was getting good... =)

P.S. Thanks for the Gmail tip. It's working wonders and making my life much easier.

--
Peace.
~G

On Wed, 1 Sep 2004 20:26:34 +0100, James Tucker <[EMAIL PROTECTED]> wrote:
> Once again this discussion is drifting very far away from the FACTS,
> let alone relevance:
>
> 1. On a BBS you connect through a modem; a modem (typically) uses an
> AT command set, and you would require another modem to connect to.
> Data transfer happens as a subset of this command set. These protocols
> are not available at the computer end unless you have built an
> application to emulate a modem.
> 2. On a BBS you would have actively downloaded the file yourself, this
> is not going to happen anywhere near the RS232 in this case, the virus
> will come from an EXTERNAL link first, and the question was if it
> could infect over a new outbound media, RS232.
> 3. As I and others have clearly stated in previous posts, RS232 can
> carry DATA therefore can theoretically transfer a virus.
> 4. Most viruses in circulation today use TCP/IP or higher level
> protocols, not native RS232.
> 5. If a virus could use native RS232 it would require the ability to
> exploit something on the other end, Windows itself does not respond to
> incoming serial data, except where it thinks it has detected a mouse
> (possibly one of the best ways to exploit this unit) this would be an
> almost impossible to compute exploit however.
> 6. TCP/IP can be turned on for use over RS232 ports in Windows, this
> shows up as "Incoming Connections" in the network connections folder.
> It is unlikely this has been done, however if it has it should be
> locked down. This method would require the client computer to also run
> a TCP/IP stack at the other end, if this has not been set up by the
> user then we have a further likelihood of no TCP/IP stack attached (in
> software) to the RS232 port.
> 7. There are other serial protocols in existence besides TCP/IP,
> however these are not available by default on an NT box, furthermore
> most of these protocols have a "wait for accept" implementation.
> 8. The most feasible form of exploit which could be used against this
> box in all likelihood would be to not exploit it at all, but just to
> send (protocol wise) fully legal messages to the unit, instructing it
> to do something it otherwise would never be intended to do.
>
> If you want to have an "I'm an old fogey" or "mine's bigger than yours"
> contest please do it off the list. There are always people in the
> world who will know more than you on a particular topic, and there are
> always bigger bullies somewhere else in the world. You can't beat them
> by not joining forces so stop pissing on each other and just start
> learning please. While this list is unmoderated, and I agree with
> that, your responses are unnecessary and not even interesting to read.
> Oh and for the pissing contest anyway, I'm under 25 and I used to
> actively use a 1200 baud for BBS access, frankly it seems neither of
> you understand how viruses worked in those days (despite probably
> having been there before me). That would be hyperterm style not phpBB
> style. One such example would be the hamster virus:
> http://www.f-secure.com/v-descs/hamster.shtml, a virus not indexed by
> most anti virus companies anymore. The Firkin virus used to sometimes
> dial out on modems, typically dialing 911; it would do this by probing
> all the RS232 ports on the machine and using the AT command set to
> control a modem - not appropriate here. Personally I never saw or
> heard of a virus which tries to communicate with another computer
> attached to an RS232 port (maybe a laplink virus or the like??), as
> this is an unusual scenario. Even more unusual than that would be a
> live protocol suitable for data transfer, code execution, and / or
> general exploitation; the only exception being a known network
> protocol, which would provide a higher layer for the virus to interact
> with.
> Rant over.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html