Internet Archive Scholar

A chipset level network backdoor

Sherri Sparks, Shawn Embleton, Cliff C. Zou
2009 Proceedings of the 4th International Symposium on Information, Computer, and Communications Security - ASIACCS '09  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (853.3 kB)
https://web.archive.org/web/20150216060401/http://cs.ucf.edu:80/~czou/research/Chipset%20Backdoor-AsiaCCS09.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL. The file type is application/pdf.

Chipsets refer to a set of specialized chips on a computer's motherboard or an expansion card [12] . In this paper we present a proof of concept chipset level rootkit/network backdoor. It interacts directly with network interface card hardware based on a widely deployed Intel chipset 8255x, and we tested it successfully on two different Ethernet cards with this chipset. The network backdoor has the ability to both covertly send out packets and receive packets, without the need to disable
more » ... y software installed in the compromised host in order to hide its presence. Because of its low-level position in a computer system, the backdoor is capable of bypassing virtually all commodity firewall and host-based intrusion detection software, including popular, widely deployed applications like Snort and Zone Alarm Security Suite. Such network backdoors, while complicated and hardware specific, are likely to become serious threats in high profile attacks like corporate espionage or cyber terrorist attacks.
doi:10.1145/1533057.1533076 dblp:conf/ccs/SparksEZ09 fatcat:w6m66pzn6ffs7nzlbpk27dchki
Citation

Sherri Sparks, Shawn Embleton, Cliff C. Zou. "A chipset level network backdoor." Proceedings of the 4th International Symposium on Information, Computer, and Communications Security - ASIACCS '09 (2009) 125-134