
Re: Back Orifice 2000






Jeffery.Gieser@minnesotamutual.com wrote:
> 
> John wrote:  
> > [Can BO2K open connections through my firewalls?]
> 
> If you are allowing inbound connections to the PC running BO2K on the UDP
> port that the BO2K server is listening on, then the firewall will allow the
> connection.  It's all in the firewall rules. If it's allowed it gets through;
> if it's denied it gets dropped.

That wasn't John's question. He was asking if the BO2K client could
automatically open connections from the inside out, if configured to
do so.

The answer is: yes, probably. It would depend on what kind of
connection the trojan attempted to open, and what kind of communication
you allow from the inside out.

One could however safely assume that you allow your inside machines
to talk HTTP to the outside world. If the BO2K is fitted with an HTTP
tunnel plugin (I don't know if one exists, but it would be easy to
write), it could quite conceivably open connections from the inside
out.

Sure, the plugin would need to know what proxy to talk to
(you were running SOCKS?), but a smart enough trojan could simply
look up what your browser settings are, and behave the same way
a browser would. (This isn't quite as simple to do, but it is
still quite doable.) It all depends on how determined the 
attacker is :)

Bottom line: if someone can install arbitrary software on your
machines and have it run, and if you allow any form of communication
with the outside world, you're pretty much out of luck.

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/       E-mail: mikael.olsson@enternet.se
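
The distinction drawn in this thread, between unsolicited inbound traffic and connections opened from the inside out, is modelled below as an added example that is not part of the original message. The firewall class, addresses, ports and rule format are constructed for illustration and do not represent any particular product.

```python
from collections import namedtuple

# Constructed packet model; addresses and ports below are sample values.
Packet = namedtuple("Packet", "src sport dst dport proto")

class StatefulFirewall:
    """First-match rule list plus a connection table (simplified model)."""

    def __init__(self, inside_prefix, rules):
        self.inside_prefix = inside_prefix
        self.rules = rules      # tuples of (direction, proto, dport, action)
        self.state = set()      # flows that were opened through an allow rule

    def direction(self, pkt):
        return "out" if pkt.src.startswith(self.inside_prefix) else "in"

    def filter(self, pkt):
        # A reply to an established flow never reaches the rule list.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.state:
            return "allow (established)"
        d = self.direction(pkt)
        for rule_dir, proto, dport, action in self.rules:
            if rule_dir == d and proto in (pkt.proto, "any") and dport in (pkt.dport, None):
                if action == "allow":
                    self.state.add(tuple(pkt))
                return action
        return "deny"  # default deny when no rule matches

def demo():
    # Policy: inside hosts may browse (TCP/80 out); everything inbound is denied.
    fw = StatefulFirewall("10.", [("out", "tcp", 80, "allow"),
                                  ("in", "any", None, "deny")])
    inside, outside = "10.0.0.5", "192.0.2.10"
    return {
        # Unsolicited inbound UDP to a listening port: the inbound rule drops it.
        "unsolicited_in": fw.filter(Packet(outside, 40000, inside, 9999, "udp")),
        # Inbound TCP with no prior outbound flow: also dropped.
        "reply_before": fw.filter(Packet(outside, 80, inside, 51000, "tcp")),
        # The same conversation started from the inside matches the browse rule.
        "inside_out": fw.filter(Packet(inside, 51000, outside, 80, "tcp")),
        # Traffic coming back now rides the state entry, not the inbound rule.
        "reply_after": fw.filter(Packet(outside, 80, inside, 51000, "tcp")),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```

The inbound deny rule is never consulted for the last packet, which is why outbound policy and proxy logs, not inbound rules, are where such traffic has to be controlled or spotted.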