Web tap: detecting covert web traffic
Proceedings of the 11th ACM conference on Computer and communications security
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
Extrusion Detection: Security Monitoring for Internal Intrusions
Extrusion Detection: Security Monitoring for Internal Intrusions
BINDER: an extrusion-based break-in detector for personal computers
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Exposure maps: removing reliance on attribution during scan detection
HOTSEC'06 Proceedings of the 1st USENIX Workshop on Hot Topics in Security
Towards reducing the attack surface of software backdoors
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Implementation and implications of a stealth hard-drive backdoor
Proceedings of the 29th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Chipsets refer to a set of specialized chips on a computer's motherboard or an expansion card [12]. In this paper we present a proof of concept chipset level rootkit/network backdoor. It interacts directly with network interface card hardware based on a widely deployed Intel chipset 8255x, and we tested it successfully on two different Ethernet cards with this chipset. The network backdoor has the ability to both covertly send out packets and receive packets, without the need to disable security software installed in the compromised host in order to hide its presence. Because of its low-level position in a computer system, the backdoor is capable of bypassing virtually all commodity firewall and host-based intrusion detection software, including popular, widely deployed applications like Snort and Zone Alarm Security Suite. Such network backdoors, while complicated and hardware specific, are likely to become serious threats in high profile attacks like corporate espionage or cyber terrorist attacks.