Security Incidents mailing list archives

RE: Virus/Trojan tunnel out from behind firewall?


From: "Bill Royds" <email () royds net>
Date: Mon, 25 Feb 2002 08:08:32 -0500

That is the behavior of Nimda. It arrives as an email virus or from an infected web site, then creates a backdoor for 
others to attack the server. Many newer viruses/worms attempt to connect to particular hosts on the internet after 
infection. These have normally been detected and stopped because of this behavior, as no ISP wants to be blacklisted 
because it hosts the destination of worms.

-----Original Message-----
From: David Carmean [mailto:dlc () halibut com]
Sent: Sun February 24 2002 14:15
To: incidents () securityfocus com
Subject: Virus/trojan tunnel out from behind firewall?



Greetings.  New to the list; have looked through a few months of 
the archives and hadn't seen this come up:

Have there been any cases of a trojan/virus/etc tunnelling out from 
behind a firewall and thus providing an attacker a way into the 
"chewy center"?  


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

