Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-Disclosure] Viral infection via Serial Cable

from [Glenn_Everhart] Network Security [Permanent Link]
Subject: RE: [Full-Disclosure] Viral infection via Serial Cable
Date: Tue, 31 Aug 2004 09:37:51 -0400 
A serial connection using protocols like xmodem, ymodem, kermit, or
the like might well avoid exposing a machine to malware. A malware
program must be able to use some facilities offered by a network
typically if it is to propagate on a network. Serial connections
running occasional file transfer protocols don't offer services that
most malware would know how to use. This does not mean there are no
services; just that a malware author is unlikely to notice a serial
line and test, say, for a kermit or uucp server at the other end. (If those
allow access only to a single directory containing nothing interesting,
too, that isn't going to allow much exposed function for attacks.)

Obviously if the serial line carries IP somehow, it might be used without
the malware even noticing anything difficult.

An intermediate ground like using some not currently fashionable
serial network (e.g., run DECnet over the line)  would probably
avoid being exploited too, but someone who knew what was going on
could attack it or use it to spread malware.

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Jean
Gruneberg
Sent: Monday, August 30, 2004 3:21 PM
To: 'Full Disclosure'
Subject: RE: [Full-Disclosure] Viral infection via Serial Cable


Hi all

Thanks for the info.  I presumed there wasn't anything running around that
normally would 'see' a serial connection and keeping the machine off an
ordinary network system will protect it machine...

Need to look at the pc more to see if and what patches / sp etc have been
applied as well, if it is a vanilla system etc  Pity the machine runs 18
hours a day and they don't like taking it offline for the IT guy to have a
look see ;-)

Jean

---

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 2004/08/24
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


**********************************************************************
This transmission may contain information that is privileged, confidential 
and/or exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, copying, distribution, 
or use of the information contained herein (including any reliance thereon) is 
STRICTLY PROHIBITED. If you received this transmission in error, please 
immediately contact the sender and destroy the material in its entirety, 
whether in electronic or hard copy format. Thank you
**********************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: !SPAM! RE: [Full-Disclosure] m$ realizes it loses the bug war? :), Yaakov Yehudi
Next by Date:  Re: [Full-Disclosure] Viral infection via Serial Cable, Barry Fitzgerald
Previous by Thread:  Re: [Full-Disclosure] Viral infection via Serial Cable, Troy
Next by Thread:  [Full-Disclosure] [SECURITY] [DSA 458-2] New python2.2 packages really fix buffer overflow, debian-security-announce
Indexes:  [Date] [Thread] [Top] [All Lists]