[Document description] 十一届全国政协委员职务和界别情况T。。。.pptx, 29 pages, 470.731 KB, uploaded by 精品优选
Setiri: Advances in Trojan Technology
  Roelof Temmingh
  Haroon Meer
  Black Hat USA 2002

Schedule
  Introduction
  Why Trojans?
  Brief History of Trojans & Covert Channels
  The Hybrid model
  Setiri: Advances in Trojan Technology
  Demonstration
  Taking it further
  Possible fixes

Introduction
  SensePost
  The speakers
  Objective of presentation

Why Trojans?
  Profile of Trojan users
  Real criminals… …don't write buffer overflows
  The weirdness of the industry
  Examples

Brief History of Trojans & Covert Tunnels
  Trojans
  From Quick Thinking Greeks … to Quick Thinking Geeks
  Tunnels
  Covert Channels

Trojans..
  Valid IP – No Filters
  Valid IP – Stateless Filters
  Private Addresses – Stateful Filters
  Private + Stateful + IDS + Personal Firewalls + Content Checking + …

Trojans.. (Valid IP – No Filters)
  "get real.."

Trojans.. (Valid IP – Stateless Filter)
  Dial Home Trojans
  Random Ports / Open Ports / High Ports [cDc]
  ACK Tunneling [Arne Vidstrom]

Trojans.. (Stateful Filters)
  Back Orifice - http://bo2k.sourceforge.net
  Gbot
  Rattler

Brief History of Trojans & Covert Tunnels
  Trojans
  From Quick Thinking Greeks … to Quick Thinking Geeks
  Tunnels
  Covert Channels

Tunnels & Covert Channels

Conventional Trojans & how they fail
  Stateful firewall & IDS
  Direct model
  Direct model with network tricks
  ICMP tunneling
  ACK tunneling
  Properly configured stateful firewall
  IRC agents +
  Authentication proxy
  HTTP tunnel ++
  Personal firewall & Advanced Proxy
  HTTP tunnel with Authentication +++

Hybrid model: "GatSlag"
  Combination between covert Tunnel and Trojan
  Defenses mechanisms today:
  Packet filters (stateful) / NAT
  Authentication Proxies
  Intrusion detection systems
  Personal firewalls
  Content/protocol checking
  Biometrics / Token Pads / One time passwords
  Encryption

A typical network

How GatSlag worked
  Reverse connection
  HTTP covert tunnel
  Microsoft Internet Explorer as transport
  Controls IE via OLE
  Encapsulate in IE, not HTTP
  Receive commands in title of web page
  Receive encoded data as plain text in body of web page
  Send data with POST request
  Send alive signals with GET request

Why GatSlag worked
  Integration of client with MS Proxy
  NTLM authentication
  SSL capable
  Registry changes
  Personal firewalls
  Just another browser
  Platform independent
  IE on every desktop
  Specify Controller
  Via public web page – the MASTER site

How GatSlag worked II
  Creates invisible browser
  Find controller at MASTER
  Send request to Controller
  If no Controller && retry>7, go to MASTER
  Receive reply
  Parse reply: + Upload file() + Download file + Execute command
  Loop

Why defenses fail
  Firewalls (stateful/NAT)
  Configured to allow user or proxy out
  Content level & IDS
  Looks like valid HTTP requests & replies
  Files downloaded as text in web pages
  No data or ports to lock onto
  SSL provides encryption
  Personal firewalls
  IE valid application
  Configured to allow browsing
  Authentication proxies
  User surf the web

Problems with Gatslag
  The Controller's IP can be obtained!
  Handling of multiple instances
  GUI support
  Controller needed to be online
  Batch commands
  Command history
  Multiple controllers
  Upload facility not efficient
  Platform support
  Stability
  Session level tunneling

Setiri: Advances in Trojan Technology
  Design notes:
  Web site contains instructions
  CGIs to create new instruction
  Controller's interface:
    • EXEC (DOS commands)
    • TX (File upload)
    • RX (File download)
  Directory structure – each instance
  Trojan "surfs" to web site – just a normal user would

Setiri: Advances in Trojan Technology II
  Anonymity
  Problems with normal proxies
  Already using a proxy
  Proxy logs
  "Cleaners" provide anonymity
  "In browser proxy" – Anonymizer
  Trojan -> Cleaner: SSL
  Cleaner -> Controller: SSL
  Challenges:
  Browser history
  Temporary files

Demonstration

Taking it further
  Session level tunneling
  Flow control challenges
  How this is different from HTTP tunneling
  A browser is not a socket
  No select on browser
  Train model
  The Controller side
  Cannot "send"
  Buffering of data at Controller
  The Trojan side
  Multi-part POSTs
  Multiple connections (HTTP)
  True network level tunneling

Solving the dilemma
  Delivery
  White listing
  User education
  AV, personal firewalls
  Should you allow everyone to surf the 'net?

Conclusion
  Awareness
  Our motivation