Date:      Fri, 2 Nov 2001 13:36:12 +0100 (CET)
From:      Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To:        Ralph Huntington <rjh@mohawk.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: SubSeven trojan horse
Message-ID:  <Pine.BSF.4.21.0111021326050.8364-100000@lhotse.zaraska.dhs.org>
In-Reply-To: <20011102055342.C92627-100000@mohegan.mohawk.net>

On Fri, 2 Nov 2001, Ralph Huntington wrote:

> One of our FreeBSD 4.2-RELEASE machines is accused by mynetwatchman.com of
> launching a SubSeven trojan horse attack. However, I do not find anything
> odd about this machine.
> 
> Is this even possible? I thought SubSeven was a Windows thing. Can it be
> launched from BSD? Thanks. - Ralph
It's unclear what they mean by launching an attack. I never researched
this subject, but AFAIK Windoze trojans are client/server programs with
the server running on the victim's machine. The client software is used by
the attacker to control the victim's machine by sending requests to the
server. So the existence of a SubSeven client for BSD cannot be ruled out
(I guess such code is easily portable -- all you need are BSD sockets; for
example there's a BackOrifice client in /usr/ports and this is almost the
same). So someone could compromise your machine and run a SubSeven client
from there, connecting to some Windoze box. Unfortunately, I guess, the
client may even run without root privileges.

As for spoofed attacks... IIRC, BackOrifice used UDP, and SubSeven may do
so also, so sending spoofed requests should be possible.

Krzysztof