From: Dean Anderson <dean@av8.com>
To: Colin Walters <walters@verbum.org>
Cc: selinux@tycho.nsa.gov
Subject: Re: Linuxfromscratch.org
Date: Thu, 24 Jul 2003 14:52:02 -0400 (EDT)
Message-ID: <Pine.LNX.4.44.0307241434480.23576-100000@vista.av8.net>
In-Reply-To: <1059068428.1698.14.camel@columbia>

Someone sent this to me privately:
---------
It was Ken.  Google knows all.  See
http://www.wbglinks.net/pages/reads/hacksexplained/thompson.html
---------

Regarding the "useful" damage, if the trojan accepts another pre-defined
password, then you don't need an outbound connection to tell you the
passwords.  However, there has been some recent discussion of using
characteristics of packets to trigger finite state machines. One example I
read of recently (don't remember the source) was using a FSM in a
firewall to remotely open holes for authorized users in a manner that
would be hard to detect with a sniffer.  Sending a certain sequence could
communicate the port numbers and IP addresses to open.

		--Dean

On 24 Jul 2003, Colin Walters wrote:

> On Wed, 2003-07-23 at 15:34, karlm@mit.edu wrote:
>
> > I believe Dean is mistaken and is actually referring to Ken Thompson's
> > theoretical attack.  The point is you can't see if the backdoor
> > exists.  Unless you have personally recreated the history of modern
> computing from first principles in your basement or place of work, you
> > may be 0wn3d and not know it, in theory.
>
> The thing is though that to do any kind of "useful" damage (e.g. send
> passwords back to the author), at some point the trojan is going to have
> to connect to the network.  And if it does that, chances are some
> careful network administrator somewhere is going to notice some strange
> connections, eventually.  I mean, when your file server starts making
> HTTP POST requests or whatever, you'd get very suspicious.
>
> It seems much harder to believe this trojan would have been able to
> compromise all the network traffic sniffers out there.
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>
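
The firewall-side finite state machine described in the message above, as an added example that is not part of the original message or thread. The knock sequence, protected port, timeout, and sample events are all constructed assumptions.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed sequence (assumption)
PROTECTED_PORT = 22                  # port opened on success (assumption)
STEP_TIMEOUT = 10.0                  # max seconds allowed between knocks

@dataclass
class KnockGate:
    """Per-source FSM driven by the destination ports of inbound SYNs."""
    progress: dict = field(default_factory=dict)  # src_ip -> (next_index, last_ts)
    allowed: set = field(default_factory=set)     # sources with the port opened

    def observe(self, ts, src_ip, dst_port):
        """Feed one inbound SYN and return the firewall verdict."""
        if dst_port == PROTECTED_PORT:
            return "accept" if src_ip in self.allowed else "drop"
        idx, last = self.progress.get(src_ip, (0, ts))
        if ts - last > STEP_TIMEOUT:
            idx = 0                               # too slow: start over
        if dst_port == KNOCK_SEQUENCE[idx]:
            idx += 1                              # correct next knock
        else:
            # Any wrong port resets the machine, so a sequential port scan
            # passing through 7000, 7001, ... never completes the sequence.
            idx = 1 if dst_port == KNOCK_SEQUENCE[0] else 0
        if idx == len(KNOCK_SEQUENCE):
            self.allowed.add(src_ip)              # open the hole for this source
            self.progress.pop(src_ip, None)
        else:
            self.progress[src_ip] = (idx, ts)
        return "drop"                             # knocks are never answered

def replay(events):
    """Run (ts, src_ip, dst_port) events through a fresh gate."""
    gate = KnockGate()
    return [gate.observe(*e) for e in events], gate.allowed

# Constructed sample traffic (documentation address ranges).
EVENTS = [
    (0.0, "198.51.100.7", 22),    # not yet authorized
    (1.0, "198.51.100.7", 7000), (2.0, "198.51.100.7", 8000),
    (3.0, "198.51.100.7", 9000),  # sequence complete
    (4.0, "198.51.100.7", 22),    # now accepted
    (5.0, "203.0.113.9", 7000), (6.0, "203.0.113.9", 7001),  # wrong port resets
    (7.0, "203.0.113.9", 8000), (8.0, "203.0.113.9", 9000),
    (9.0, "203.0.113.9", 22),     # still dropped
]

if __name__ == "__main__":
    print(replay(EVENTS))
```

On the wire the knocks are only unanswered SYNs to closed ports, which is why a sniffer sees little. The observable trace is a single source's dropped connection attempts followed by an accepted one on a port that was dropped moments earlier.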

