A chipset level network backdoor

Sherri Sparks, Shawn Embleton, Cliff C. Zou
2009 Proceedings of the 4th International Symposium on Information, Computer, and Communications Security - ASIACCS '09  
Chipsets refer to a set of specialized chips on a computer's motherboard or an expansion card [12]. In this paper we present a proof of concept chipset level rootkit/network backdoor. It interacts directly with network interface card hardware based on a widely deployed Intel chipset 8255x, and we tested it successfully on two different Ethernet cards with this chipset. The network backdoor has the ability to both covertly send out packets and receive packets, without the need to disable ... y software installed in the compromised host in order to hide its presence. Because of its low-level position in a computer system, the backdoor is capable of bypassing virtually all commodity firewall and host-based intrusion detection software, including popular, widely deployed applications like Snort and Zone Alarm Security Suite. Such network backdoors, while complicated and hardware specific, are likely to become serious threats in high profile attacks like corporate espionage or cyber terrorist attacks.
doi:10.1145/1533057.1533076 dblp:conf/ccs/SparksEZ09 fatcat:w6m66pzn6ffs7nzlbpk27dchki