Re: Open All Outbound Ports?

[James Butcher <bigjtb () blueyonder co uk>]

On Sun, 2002-11-10 at 22:25, m2dzus () yahoo com wrote:
> In-Reply-To: <FDEHJDIOOBLHLBCAOEJFMELFEOAB.billl () cyberbase7 com>
>
> ---snip--
>
> > opening all outbound ports is a bad idea. classic example is here..
> >
> > director of marketing takes laptop home.
> >
> > director gets hacked via Trojan downloaded from non corporate mail.
> >
> > director brings laptop back to work.
> >
> > using netcat hacker sets up opens backdoor via a allowed port... and 
> tunnels
> > out through a high port to avoid detection.
> >
> > your firewall team wont see this if the port is open...
> ---snip---
>
> Sorry if this sounds basic but I can't seem to figure out how this example 
> would work? Please could you elaborate
>
> Surely the trojan would alerady have to be running on a open port for the 
> hacker to connect to it in order to run netcat to setup a backdoor?
>
> Thanks

What it would appear he was suggesting was that for the time the person
had that laptop at home the hacker has gained access to it and set up
his trojan. (not a problem most of the time since EUNT's have a tendency
to pay no attention to security of their home connections).

Once the trojans there and the laptops back with in the confines of the
firewall at work (with all the internal ports open) all the trojan needs
do is send a request for a connection to some remote node and the
firewall allows it through.There are even a couple of trojans that are
cut down versions of mirc and connect to an irc network. (Having found
out from personal experience and the discovery of 4gb of porn on a
clients server)