Install Windows XP minus the built-in backdoor

Page 3

spyordie007

Diamond Member
May 28, 2001
6,229
0
0
Originally posted by: gsellis
HAHA! He thought he had blocked it, but I figured out his backdoor. One more keypress and I will format his web connection. Here I go... say goodbye to your site, localhos
Best post all week :thumbsup:
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: kamper

I think it means he's running wireshark on openbsd, which is kind of interesting.

Windows actually.

It's obviously not in ports and last I heard, the people working with an outside build of it didn't have it working properly.

I think it works if you build it outside of ports, but I haven't tried it lately. Someone on misc@ posts every once in a while about it. If they paid attention to security it'd be in ports...

Can you do live captures n0c? Has anybody done privsep so you can run the capture as root and the analysis as a regular user? I remember reading somewhere that there's a windows service to do the capture so that non-administrators can run it. It seems to me that someone should port that over to *nix.

On non-OpenBSD systems you can capture as a non-root user. chmod /dev/bpf. I'm not sure if it works on OpenBSD, I haven't tried.

This page and this one have some information on ethereal/wireshark + OpenBSD.
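The "chmod /dev/bpf" suggestion above works, but a world-readable BPF node lets every local account sniff the wire. The script below is an added example, not code from anyone in this thread: it audits BSD-style bpf device nodes and restricts read access to a dedicated group, which is the least-privilege way to let a non-root analyst capture. The node path and the group name ("capture") are hypothetical placeholders; on Linux, capture rights are granted through packet-socket capabilities rather than /dev/bpf, so the audit finds nothing there.

```shell
#!/bin/sh
# Added example (not from the thread): audit the permissions on a BSD-style
# BPF device node and, instead of opening it to everyone, restrict read
# access to a dedicated group so only members can capture without root.
# Assumptions: the node path (/dev/bpf*) and the group name ("capture") are
# placeholders; adjust them for your system.

# Classify who can read a device node from its ls -l permission string:
#   world   - anyone on the host can read (and therefore sniff) traffic
#   group   - only the owning group (plus root) can read
#   owner   - only the owner (normally root) can read
#   missing - the node does not exist
bpf_access_class() {
    node="$1"
    [ -e "$node" ] || { echo missing; return 1; }
    perms=$(ls -ld "$node" | cut -c1-10)
    # character 8 is the "others read" bit, character 5 the "group read" bit
    case "$(printf '%s' "$perms" | cut -c8)" in
        r) echo world; return 0 ;;
    esac
    case "$(printf '%s' "$perms" | cut -c5)" in
        r) echo group ;;
        *) echo owner ;;
    esac
    return 0
}

# Restrict a node so that only root and members of $group may read it:
# chgrp to the capture group, then 0640 (owner rw, group r, others none).
# Prints the resulting access class so the caller can verify the change.
bpf_restrict_to_group() {
    node="$1"
    group="$2"
    chgrp "$group" "$node" || return 1
    chmod 640 "$node" || return 1
    bpf_access_class "$node"
}

# Walk every bpf node under /dev and report its class, one "class path"
# line per node, so world-readable nodes stand out in a periodic check.
bpf_audit() {
    for n in /dev/bpf*; do
        [ -e "$n" ] || continue
        echo "$(bpf_access_class "$n") $n"
    done
}

# Stand-alone usage: list the current state of the bpf nodes on this host.
# Tightening one then looks like: bpf_restrict_to_group /dev/bpf0 capture
bpf_audit
```

Running the audit from cron and alerting on any "world" line turns the one-off chmod into a standing check; the group-based fix keeps the capture path usable for the people who need it while the analysis tool itself still runs as an ordinary user.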
 

gsellis

Diamond Member
Dec 4, 2003
6,061
0
0
Originally posted by: spyordie007
Originally posted by: gsellis
HAHA! He thought he had blocked it, but I figured out his backdoor. One more keypress and I will format his web connection. Here I go... say goodbye to your site, localhos
Best post all week :thumbsup:
Thanks. I was afraid it was too obscure for folks to get.
 

Smilin

Diamond Member
Mar 4, 2002
7,357
0
0
Originally posted by: Lord Evermore
Originally posted by: Smilin
FYI guys, I've been working with the OP through PMs

He has the necessary instructions to collect the unexplained network traffic and I've told him I'll have a look when he collects it.

In the meantime...can we let this silly thread die ? :)

Why oh why oh why would you possibly think that there is anything remotely correct about what he's thinking? You could just as easily duplicate it yourself to see whether it does in fact result in zero packets being output, if you're that concerned about it being a legitimate problem, a hell of a lot faster and easier than explaining to him how to capture network traffic. There is absolutely nothing about any of his posts to indicate that he has any idea what he's doing and therefore would have any idea about finding and blocking a backdoor.

I have all the network capture instructions ready in pre-canned emails. I collect a handful of traces from customers every day so it was easy to whip up some instructions for him.

I'm not really interested in duplicating any sort of zero packet behavior. I want a capture of the traffic leaving the box when the "backdoor" is installed.

No response yet though. Since I feel this is shenanigans of the highest order I don't really expect one. I'll certainly check the trace out if he comes up with one though. :)

 

Smilin

Diamond Member
Mar 4, 2002
7,357
0
0
No I didn't expect a reply at all.


It will take some work to truly prove this. Once there is work involved most people drop it.

 

imported_Phil

Diamond Member
Feb 10, 2001
9,837
0
0
Originally posted by: kenfrost2001
Actually, I do believe that http://anandtech.com, as well as the hundreds of other sites I surf to without a "WWW", are on an inTRAnet. Maybe you should check your definitions.

You have to love how most tech people think they know everything!

You're an idiot.