
Thread: Placing backdoors through firewalls

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Washington D.C. area

    Placing backdoors through firewalls

    This is a great read for people who are new to firewalls. If you have a few minutes, give it a look. It goes over the different types of firewalls and several attack/countermeasure techniques. The original author is Van Hauser from PacketStorm.


    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Senior Member
    Join Date
    Feb 2003
    Thanks for the article, it is a fascinating read.

    I was reading somewhere of a method by which a backdoor hiding on your system can make outgoing connections without being detected by most personal firewalls, as most firewalls hook the Winsock in Windows. VXDs have direct access to the TDI (Transport Device Interface) and can avoid detection by most personal firewalls.

    Here are a few quotes:
    (I don't think the average script kiddie has enough knowledge to write a VXD, nor do I)

    These are something of a pain in the butt to write/compile. On the positive side, they are easy to load transparently, and they have access to the TDI interface, so sometimes data can be sent without some firewalls knowing. This doesn't seem to work with all firewalls, but most personal firewalls just hook Winsock, so you should be able to get away with it.
    source: http://www.phekda.freeserve.co.uk/gabor/ws2dos/howitworks.txt
    I think Windows '9x virtual device drivers (VxDs) actually use the
    Transport Driver Interface (TDI) rather than communicating with DLLs.
    Actually, all WS2-capable programs use the functions exported by WS2_32.DLL,
    the WinSock 2 interface unit for applications. However, WS2_32 is only a
    "transport manager" and doesn't handle any data itself, but simply
    dispatches the calls to the appropriate "transport/service providers".
