Mailinglist Archive: opensuse-security (606 mails)
| < Previous | Next > |
Re: [suse-security] trojan question
- From: Markus Gaugusch <markus@xxxxxxxxxxxxxxxx>
- Date: Wed, 11 Apr 2001 16:47:50 +0200 (CEST)
- Message-id: <Pine.LNX.4.33.0104111644590.24505-100000@xxxxxxxxxxxxxxxx>
> who synchronizes with whom? the trojan client with the trojan server or the
> server with the client?
This depends completely on the trojan implementation. Sometimes only one
direction (incoming or outgoing), sometimes also both directions (notify
the "bad guys", to tell them the ip-address and wait for them to
connect).
Blocking all unwanted (unused) ports for listening sockets (ipchains -y)
can prevent trojans which open listening sockets, but at this point it is
often much too late - the trojan is already in
bye
Markus
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxxxxxxx X Against HTML Mail
/ \
> server with the client?
This depends completely on the trojan implementation. Sometimes only one
direction (incoming or outgoing), sometimes also both directions (notify
the "bad guys", to tell them the ip-address and wait for them to
connect).
Blocking all unwanted (unused) ports for listening sockets (ipchains -y)
can prevent trojans which open listening sockets, but at this point it is
often much too late - the trojan is already in
bye
Markus
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxxxxxxx X Against HTML Mail
/ \
| < Previous | Next > |