David Carmean wrote:
>
> Greetings. New to the list; have looked through a few months of
> the archives and hadn't seen this come up:
>
> Have there been any cases of a trojan/virus/etc tunnelling out from
> behind a firewall and thus providing an attacker a way into the
> "chewy center"?
Do you mean a trojan/virus that actively establishes a tunnel through
SSH, etc to an outside machine as a method of bypassing a stateful
firewall?
Or do you just mean that a trojan/virus/etc has provided an opening
despite the firewall?
I'd also consider the gray areas in between, like worms/trojans that
transfer into (passwds, etc) back through SMTP, HTTP, or IRC.
--Rich
_________________________________________________________
Rich Puhek
ETN Systems Inc.
_________________________________________________________
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Feb 25 2002 - 15:14:17 PST