Security Incidents mailing list archives
Re: Virus/trojan tunnel out from behind firewall?
From: Rich Puhek <rpuhek () etnsystems com>
Date: Sun, 24 Feb 2002 22:22:12 -0600
David Carmean wrote:
Greetings. New to the list; have looked through a few months of the archives and hadn't seen this come up: Have there been any cases of a trojan/virus/etc tunnelling out from behind a firewall and thus providing an attacker a way into the "chewy center"?
Do you mean a trojan/virus that actively establishes a tunnel through SSH, etc to an outside machine as a method of bypassing a stateful firewall? Or do you just mean that a trojan/virus/etc has provided an opening despite the firewall? I'd also consider the gray areas in between, like worms/trojans that transfer into (passwds, etc) back through SMTP, HTTP, or IRC. --Rich _________________________________________________________ Rich Puhek ETN Systems Inc. _________________________________________________________ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Virus/trojan tunnel out from behind firewall? David Carmean (Feb 24)
- RE: Virus/Trojan tunnel out from behind firewall? Bill Royds (Feb 25)
- Re: Virus/trojan tunnel out from behind firewall? Rich Puhek (Feb 25)
- Re: Virus/trojan tunnel out from behind firewall? David Carmean (Feb 25)
- Re: Virus/trojan tunnel out from behind firewall? Rich Puhek (Feb 25)
- Re: Virus/trojan tunnel out from behind firewall? Ben Efros (Feb 26)
- Re: Virus/trojan tunnel out from behind firewall? Mike Shaw (Feb 25)
- RE: Virus/trojan tunnel out from behind firewall? M.Verba (Feb 26)
- Re: Virus/trojan tunnel out from behind firewall? David Carmean (Feb 25)
- Re: Virus/trojan tunnel out from behind firewall? Ryan Russell (Feb 25)