[rc5] Win32 GUI client is a trojan?

wooledge at kellnet.com wooledge at kellnet.com
Tue Nov 4 19:40:57 EST 1997

Kevin van Haaren (KvanHaaren at HNTB.com) wrote:

> can't say it was changing passwords.  I'd be more worried about it
> sending password list files/password registries back.  They could easily
> test for this by slapping a sniffer/packet analyzer on the output and
> seeing what data is really sent back.  Since v2 source code is
> unavailable you don't really know.

On Linux, strace will show all the system calls a process makes (including
all I/O).  You can see exactly what file or port is opened, what data is
read or written, etc.  On SVR4, the truss program does the same thing.
I've heard that FreeBSD has a ptrace program that works the same way,
but I've never used that one personally.  And for network traffic,
as you mentioned, there are packet analyzers.

Of course, some people are stuck with "operating systems" that don't
provide this level of functionality.... :-)

------------                  Greg Wooledge                  -------------
-------                   wooledge at kellnet.com                     -------
---              http://kellnet.com/wooledge/main.html                 ---
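
Added example (not part of the original post): one way to turn the strace output described above into a short list of file opens and outbound connections that fall outside what the client should need. The trace lines, paths, addresses and allow-lists are constructed for illustration.

```python
import os
import re

# Constructed sample in the style of `strace -f -e trace=open,connect` output.
# Paths, addresses and ports are illustrative, not taken from a real client run.
SAMPLE_TRACE = """\
1201 open("/etc/ld.so.cache", O_RDONLY) = 3
1201 open("/home/user/rc5/client.ini", O_RDONLY) = 3
1201 open("/home/user/rc5/../../../etc/passwd", O_RDONLY) = 4
1201 open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
[pid 1202] connect(6, {sa_family=AF_INET, sin_port=htons(4000), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
[pid 1202] connect(7, {sa_family=AF_INET, sin_port=htons(25), sin_addr=inet_addr("198.51.100.7")}, 16) = -1 ECONNREFUSED (Connection refused)
"""

# Assumed allow-lists: the client's own directory, the loader cache, one server.
ALLOWED_PATHS = ("/home/user/rc5/", "/etc/ld.so.cache")
ALLOWED_PEERS = {("192.0.2.10", 4000)}

PREFIX = r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'   # optional pid column added by -f
OPEN_RE = re.compile(
    PREFIX + r'open(?:at)?\((?:[^,"]+, )?"([^"]*)".*\)\s+=\s+(-?\d+)')
CONNECT_RE = re.compile(
    PREFIX + r'connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
    r'sin_addr=inet_addr\("([^"]+)"\)\}, \d+\)\s+=\s+(-?\d+)')

def audit(trace, allowed_paths, allowed_peers):
    """Return (files, peers) touched outside the allow-lists.

    Each entry carries a flag saying whether the call succeeded; failed
    attempts are kept because the attempt itself is the interesting event.
    """
    files, peers = [], []
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if m:
            # Normalise first so "dir/../../etc/passwd" cannot hide under an
            # allowed prefix.
            path = os.path.normpath(m.group(1))
            if not path.startswith(allowed_paths):
                files.append((path, int(m.group(2)) >= 0))
            continue
        m = CONNECT_RE.match(line)
        if m:
            peer = (m.group(2), int(m.group(1)))
            if peer not in allowed_peers:
                peers.append((peer, int(m.group(3)) == 0))
    return files, peers

if __name__ == "__main__":
    print(audit(SAMPLE_TRACE, ALLOWED_PATHS, ALLOWED_PEERS))
```
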
