August 5th, 2003, 02:58 PM
Placing backdoors through firewalls
This is a great read for people who are new to firewalls. If you have a few minutes, give it a look. It goes over the different types of firewalls and several attack/countermeasure techniques. The original author is Van Hauser from PacketStorm.
August 5th, 2003, 10:25 PM
Thanks for the article, it is a fascinating read.
I was reading somewhere of a method by which a backdoor hiding on your system can make outgoing connections without being detected by most personal firewalls, as most firewalls hook the Winsock in Windows. VXDs have direct access to the TDI (Transport Device Interface) and can avoid detection by most personal firewalls.
Here are a few quotes:
(I don't think the average script kiddie has enough knowledge to write a VXD, nor do I)
These are something of a pain in the butt to write/compile. On the positive side, they are easy to load transparently, and they have access to the TDI interface, so sometimes data can be sent without some firewalls knowing. This doesn't seem to work with all firewalls, but most personal firewalls just hook Winsock, so you should be able to get away with it.
I think Windows '9x virtual device drivers (VxDs) actually use the
Transport Driver Interface (TDI) rather than communicating with DLLs.
Actually, all WS2-capable programs use the functions exported by WS2_32.DLL,
the WinSock 2 interface unit for applications. However, WS2_32 is only a
"transport manager" and doesn't handle any data itself, but simply
dispatches the calls to the appropriate "transport/service providers".