('binary' encoding is not supported, stored as-is) Several Desktop-Firewalls for Windows, such as Tiny Personal Firewall 2.0 or ATGuard, maybe also others, allow DNS resolving by default. That allows reversed trojans to connect to a server on port 53 and send/receive commands and informations without the user knowing it. The firewall permits any communication to any server on port 53 UDP. I wrote a small trojan in VB and tested it with Tiny Personal Firewall 2.0 and it worked. Solution: Change the default rules for DNS to a fixed host, for example to the DNS server of the ISP or the DNS server in the local network. cu Chris (decoder)
This archive was generated by hypermail 2b30 : Fri May 10 2002 - 19:12:10 PDT