十一届全国政协委员职务和界别情况T。。。.pptVIP

Setiri: Advances in Trojan Technology Roelof Temmingh Haroon Meer BlackHat USA 2002 中医(zhōngyī)免费资料 /down 第一页，共29页。 Schedule Introduction Why Trojans? Brief History of Trojans Covert Channels The Hybrid model Setiri: Advances in Trojan Technology Demonstration Taking it further Possible fixes 第二页，共29页。 Introduction SensePost The speakers Objective of presentation 第三页，共29页。 Why Trojans? Profile of Trojan users Real criminals… …don’t write buffer overflows The weirdness of the industry Examples 第四页，共29页。 Brief History of Trojans Covert Tunnels Trojans From Quick Thinking Greeks … to Quick Thinking Geeks Tunnels Covert Channels 第五页，共29页。 Trojans.. Valid IP – No Filters Valid IP – Stateless Filters Private Addresses – Stateful Filters Private + Stateful + IDS + Personal Firewalls + Content Checking + … 第六页，共29页。 Trojans.. (Valid IP – No Filters) “get real..” 第七页，共29页。 Trojans.. (Valid IP – Stateless Filter) Dial Home Trojans Random Ports / Open Ports / High Ports [cDc] ACK Tunneling [Arne Vidstrom] 第八页，共29页。 Trojans.. (Stateful Filters) Back Orifice - Gbot Rattler 第九页，共29页。 Brief History of Trojans Covert Tunnels Trojans From Quick Thinking Greeks … to Quick Thinking Geeks Tunnels Covert Channels 第十页，共29页。 Tunnels Covert Channels 1985 – TSC Definition”Covert Channels” 1996 – Phrack Magazine – LOKI 1998 – RWWWShell – THC 1999 - HTTPTUNNEL – GNU 2000 - FireThru - Firethru 第十一页，共29页。 Conventional Trojans how they fail Stateful firewall IDS Direct model Direct model with network tricks ICMP tunneling ACK tunneling Properly configured stateful firewall IRC agents + Authentication proxy HTTP tunnel ++ Personal firewall Advanced Proxy HTTP tunnel with Authentication +++ 第十二页，共29页。 Hybrid model: “GatSlag” Combination between covert Tunnel and Trojan Defenses mechanisms today: Packet filters (stateful) / NAT Authentication Proxies Intrusion detection systems Pe