Hi On Tue, May 06, 2003 at 06:22:54PM -0600, Will Aoki wrote: > I believe that there are rootkits in the wild which do this. Yepp. Found some standard rootkits with that thing as addition.
> Although I can't find the reference I had to it, I believe that some > listen for traffic on a rare or unallocated protocol before opening a > backdoor. http://www.phenoelit.de/stuff/cd00r.c has been used sometimes on compromised machines... MfG/Regards, Alexander -- Alexander Reelsen http://tretmine.org [EMAIL PROTECTED]
