
IDS: strings in backdoor binaries




When an intruder has penetrated a system and installed trojan binaries, when
a "strings" command is executed, what text strings will appear in trojaned
files (aside from "letmein" or "satori", of course) that will (probably) not
show up in a non-trojaned binary?  I'm looking for a system (as opposed to
network) 'after-the-event' intrusion detection methodology.

_______________________
The opinions expressed above are my own.  The facts simply are and belong to
none. 
James W. Meritt, CISSP, CISA
Senior Secure Systems Engineer at Wang Government Services, Inc.