From: Lindsay Haisley
To: gentoo-desktop@lists.gentoo.org
Subject: Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box.
Date: Wed, 23 Mar 2011 17:36:41 -0500
Organization: FMP Computer Services
Message-Id: <1300919801.21521.217.camel@vishnu.fmp.com>
In-Reply-To: <20110323215604.GL22830@comet.mayo.edu>
References: <1300723912.1757.71.camel@ubuntu> <20110323104425.31e154c9.zilka@fi.muni.cz> <1300905997.21521.142.camel@vishnu.fmp.com> <20110323215604.GL22830@comet.mayo.edu>

On Wed, 2011-03-23 at 16:56 -0500, Donnie Berkholz wrote:
> It's called reverse shellcode. One would exploit a vulnerability in your
> web browser, email reader, or integrated apps/libraries (primarily
> Flash, Evince/libpoppler, or Java) that provides the ability to run
> arbitrary code as the local user to get the shellcode onto your system
> and run it. Reverse shellcode then connects from your computer to a
> remote server and provides them with a login shell.

Very interesting! I did a bit of looking. This appears to be far into
the realm of grey-hat hacking. I found and . This looks mostly like it's
theoretical, proof of concept stuff, and some of it uses DNS as an
intermediary agent. Do exploits based on these techniques actually
exist in the wild that you know of?

Linux is unsinkable, just like the Titanic.

-- 
Lindsay Haisley       | "Never expect the people who caused a problem
FMP Computer Services |  to solve it." - Albert Einstein
512-259-1190          |
http://www.fmp.com    |
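
The quoted explanation turns on the connection originating from inside the masqueraded network, which is something a defender can look for on the host. The following is an added example, not code from this thread or its participants: it flags a shell whose stdin, stdout and stderr are all one established TCP socket to a peer outside RFC 1918 space. The `/proc/net/tcp` text and the process snapshot are constructed sample data, and the helper names are hypothetical; on a live Linux host the inputs would come from `/proc/net/tcp` and the `/proc/<pid>/fd` symlinks.

```python
import ipaddress
import socket
import struct

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
# RFC 1918 ranges plus loopback; peers outside these are treated as external (assumption).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in /proc/net/tcp layout (little-endian host assumed).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 1001A8C0:C350 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 48211 1
   1: 1001A8C0:9C40 0101A8C0:0016 01 00000000:00000000 00:00000000 00000000  1000        0 48300 1
"""

# Constructed process snapshot: pid -> (comm, readlink targets of fd 0, 1, 2).
SAMPLE_PROCS = {
    4242: ("bash", ["socket:[48211]"] * 3),   # stdio on a socket to an external peer
    4300: ("bash", ["socket:[48300]"] * 3),   # stdio on a socket to a LAN peer
    4310: ("bash", ["/dev/pts/1"] * 3),       # ordinary terminal session
}

def decode_addr(hex_addr):
    """Decode '0A7100CB:01BB' (little-endian IPv4, hex port) to (ip, port)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def established_by_inode(table):
    """Map socket inode -> remote (ip, port) for ESTABLISHED (st == 01) rows."""
    out = {}
    for line in table.splitlines()[1:]:
        f = line.split()
        if len(f) > 9 and f[3] == "01":
            out[f[9]] = decode_addr(f[2])
    return out

def find_socket_shells(procs, table):
    """Return (pid, comm, ip, port) for shells whose stdio is one external TCP socket."""
    conns = established_by_inode(table)
    hits = []
    for pid, (comm, fds) in sorted(procs.items()):
        if comm not in SHELLS or len(set(fds)) != 1 or not fds[0].startswith("socket:["):
            continue
        peer = conns.get(fds[0][8:-1])  # strip 'socket:[' and ']' to get the inode
        if peer and not any(ipaddress.ip_address(peer[0]) in n for n in INTERNAL):
            hits.append((pid, comm, peer[0], peer[1]))
    return hits
```

The internal-peer filter only narrows the output to the scenario discussed in this thread; a shell with its stdio on a socket to a LAN address deserves the same scrutiny.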