Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:184 |
Message | BACKDOOR Q access |
Summary | Q is a Trojan Horse offering the attacker remote access to the victim host. This event is generated when raw TCP packets are sent to the victim server. |
Impact | Possible theft of data and control of the targeted machine leading to a compromise of all resources the machine is connected to. |
Detailed Information | This Trojan affects UNIX operating systems. The Trojan is controlled by sending raw packets (TCP/UDP/ICMP) to the victim host containing commands to be run as root. |
Affected Systems | |
Attack Scenarios | This Trojan may be delivered to the target in a number of ways. The attacker can then choose to send raw data to the victim via TCP/UDP/ICMP from the broadcast address of a class C network. |
Ease of Attack | This is Trojan activity, the target machine may already be compromised. |
Corrective Action | Traffic originating from a broadcast address should not be allowed from external sources or from internal sources to external destinations. Judicious use of firewall rules is necessary. |
Additional References | Whitehats arachNIDS http://www.whitehats.com/info/IDS202 |
Rule References | arachnids: 203 |
--
DID:358200
--
http://www.aanval.com/