[Document description] 十一届全国政协委员职务和界别情况T。。。.pptx, 29 pages in total, 470.731 KB, uploaded by 精品优选
The following is a partial text description of this document:
Setiri: Advances in Trojan Technology
Roelof Temmingh
Haroon Meer
BlackHat USA 2002

Schedule
Introduction
Why Trojans?
Brief History of Trojans & Covert Channels
The Hybrid model
Setiri: Advances in Trojan Technology
Demonstration
Taking it further
Possible fixes

Introduction
SensePost
The speakers
Objective of presentation

Why Trojans?
Profile of Trojan users
Real criminals…… don’t write buffer overflows
The weirdness of the industry
Examples

Brief History of Trojans & Covert Tunnels
Trojans
From Quick Thinking Greeks … to Quick Thinking Geeks
Tunnels
Covert Channels

Trojans..
Valid IP – No Filters
Valid IP – Stateless Filters
Private Addresses – Stateful Filters
Private + Stateful + IDS + Personal Firewalls + Content Checking + …

Trojans.. (Valid IP – No Filters)
“get real..”

Trojans.. (Valid IP – Stateless Filter)
Dial Home Trojans
Random Ports / Open Ports / High Ports [cDc]
ACK Tunneling [Arne Vidstrom]

Trojans.. (Stateful Filters)
Back Orifice - http://bo2k.sourceforge.net
Gbot
Rattler

Brief History of Trojans & Covert Tunnels
Trojans
From Quick Thinking Greeks … to Quick Thinking Geeks
Tunnels
Covert Channels

Tunnels & Covert Channels

Conventional Trojans & how they fail
Stateful firewall & IDS
Direct model
Direct model with network tricks
ICMP tunneling
ACK tunneling
Properly configured stateful firewall
IRC agents +
Authentication proxy
HTTP tunnel ++
Personal firewall & Advanced Proxy
HTTP tunnel with Authentication +++

Hybrid model: “GatSlag”
Combination between covert Tunnel and Trojan
Defenses mechanisms today:
Packet filters (stateful) / NAT
Authentication Proxies
Intrusion detection systems
Personal firewalls
Content/protocol checking
Biometrics / Token Pads / One time passwords
Encryption

A typical network

How GatSlag worked
Reverse connection
HTTP covert tunnel
Microsoft Internet Explorer as transport
Controls IE via OLE
Encapsulate in IE, not HTTP
Receive commands in title of webpage
Receive encoded data as plain text in body of webpage
Send data with POST request
Send alive signals with GET request

Why GatSlag worked
Integration of client with MS Proxy
NTLM authentication
SSL capable
Registry changes
Personal firewalls
Just another browser
Platform independent
IE on every desktop
Specify Controller
Via public webpage – the MASTER site

How GatSlag worked II
Creates invisible browser
Find controller at MASTER
Send request to Controller
If no Controller && retry>7, go to MASTER
Receive reply
Parse reply:
+ Upload file()
+ Download file
+ Execute command
Loop

Why defenses fail
Firewalls (stateful/NAT)
Configured to allow user or proxy out
Content level & IDS
Looks like valid HTTP requests & replies
Files downloaded as text in webpages
No data or ports to lock onto
SSL provides encryption
Personal firewalls
IE valid application
Configured to allow browsing
Authentication proxies
User surf the web

Problems with Gatslag
The Controller’s IP can be obtained!
Handling of multiple instances
GUI support
Controller needed to be online
Batch commands
Command history
Multiple controllers
Upload facility not efficient
Platform support
Stability
Session level tunneling

Setiri: Advances in Trojan Technology
Design notes:
Website contains instructions
CGIs to create new instruction
Controller’s interface:
• EXEC (DOS commands)
• TX (File upload)
• RX (File download)
Directory structure – each instance
Trojan “surfs” to website – just a normal user would

Setiri: Advances in Trojan Technology II
Anonymity
Problems with normal proxies
Already using a proxy
Proxy logs
“Cleaners” provide anonymity
“In browser proxy” – Anonymizer
Trojan -> Cleaner: SSL
Cleaner -> Controller: SSL
Challenges:
Browser history
Temporary files

Demonstration

Taking it further
Session level tunneling
Flow control challenges
How this is different from HTTP tunneling
A browser is not a socket
No select on browser
Train model
The Controller side
Cannot “send”
Buffering of data at Controller
The Trojan side
Multi-part POSTs
Multiple connections (HTTP)
True network level tunneling

Solving the dilemma
Delivery
Whitelisting
User education
AV, personal firewalls
Should you allow everyone to surf the ‘net?

Conclusion
Awareness
Our motivation