Title

A Chipset Level Network Backdoor: Bypassing Host-Based Firewall & IDS

Keywords

Hardware security; Network backdoor; Rootkit

Abstract

Chipsets refer to a set of specialized chips on a computer's motherboard or an expansion card [12]. In this paper we present a proof of concept chipset level rootkit/network backdoor. It interacts directly with network interface card hardware based on a widely deployed Intel chipset 8255x, and we tested it successfully on two different Ethernet cards with this chipset. The network backdoor has the ability to both covertly send out packets and receive packets, without the need to disable security software installed in the compromised host in order to hide its presence. Because of its low-level position in a computer system, the backdoor is capable of bypassing virtually all commodity firewall and host-based intrusion detection software, including popular, widely deployed applications like Snort and Zone Alarm Security Suite. Such network backdoors, while complicated and hardware specific, are likely to become serious threats in high profile attacks like corporate espionage or cyber terrorist attacks. Copyright 2009 ACM.

Publication Date

12-1-2009

Publication Title

Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security, ASIACCS'09

Number of Pages

125-134

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1145/1533057.1533076

Scopus ID

77952353295 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/77952353295

This document is currently not available here.
