Thought of a network security question and wondering if it makes sense


coffeeprogrammer

Well-known member
Jul 19, 2021
I thought of a networking security question. The idea goes something like this. There are networking stacks that exist that are not IP; the internet works on IP and the ability for it to be routed. Steve went over this many years ago, why NAT is effective and the usefulness of Shields Up. With the iPhone backdoor we have an idea that companies do put back doors in for various reasons. With an ISP-supplied router or a popular brand name, could they have a secret networking stack that would allow someone in, and it would not be from an IP-style packet? This might not work from far away because the traffic would have to be routed, but at an ISP level, if they knew that a router had a backdoor then they would not have to route over the internet to get to it, just be at the other end of the wire. Assuming that such a router would let someone in with an alternative network stack, the next question is what would that mean for the hosts running on that network? Most systems running on a local subnet would be IP, but could a software vulnerability that existed on one of those hosts then be used to get in after getting past the router/NAT firewall? Or could an operating system vendor include a networking stack that is hidden from the user? When I was thinking about this, I decided that it would be too difficult for me, or most people perhaps, to figure out if there were a hidden network stack in Windows or some other massive OS. But some router operating systems are open source, and the ones that are not open source could be reverse engineered to find a hidden network stack. What would be the case then? Even if a reverse-engineered router OS were fully understood, could it still hide a back door by using something in hardware? In the iPhone situation, if you had a static image of what was running on the iPhone and you 100% understood everything, you would not see the back door, because there is nothing in the code that is using it. It was only discovered when it was being used. Could that exist in my idea about a router? The backdoor could be there, but without understanding everything from the hardware you would never see it. Only from seeing how the software was using it was it discovered. At least that is what I understand about the Apple iPhone example. I had one other thought: what if the networking stack had a particular code to let someone in for an exact IP with an exact payload? In that case, the ISP would have to send fake IP packets to the router that command it to open its backdoor. At least that is what I was thinking in the case of staying within the IP networking stack.

So is there anything to this idea of backdoor networking stacks? Is this something that could be hidden in routers? Could reverse engineering find it in a simple router? Would an open-source router OS be 100% effective in this case? Or could it be, in theory, hidden only in the hardware? If it were hidden in hardware, then putting a custom trusted OS on the router would destroy that, I think.

Also, if you were to capture all of the traffic to and from your router, then would you be able to see the back door traffic? This would be the case because everything is just binary data, so if you could filter out the normal stuff, then you would see the backdoor traffic? Would that be a correct understanding?

Just a little stream of consciousness.

In theory an off-the-shelf router could have a port knocking sensing capability. Either the company put it there deliberately or their supply chain for the software was compromised. Very much like the Apple silicon story.

Either way the evil one could have root-level WAN access. Finding it would require you to have a safe router with logging between the internet and the bad router, let all packets through, and then analyze the data to discover the conversation. Even if you capture the conversation, it could be encrypted.

I guess the answer is to just put in a trusted router and block.
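The "filter out the normal stuff and see what is left" approach asked about in the first post, and the "capture everything between a safe router and the bad router, then analyze it" approach in the reply, both come down to the same triage step: classify every captured frame by its EtherType and surface anything that is not one of the protocols a LAN is supposed to carry. The following is an added example written for this thread, not code from either poster or from GRC; the EtherType numbers are the real IEEE-registered values, while the MAC addresses and frames are constructed samples.

```python
import struct
from collections import Counter

# EtherType values for the protocols a home or small-office LAN normally carries.
KNOWN_ETHERTYPES = {
    0x0800: "IPv4",
    0x0806: "ARP",
    0x86DD: "IPv6",
    0x8100: "802.1Q VLAN",   # handled as a tag; the inner type is what we classify
}

def parse_frame(frame: bytes):
    """Return (dst_mac, src_mac, ethertype, payload) for one Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    payload = frame[14:]
    # Strip one 802.1Q tag so a VLAN-tagged IP frame is still classed as IP.
    if etype == 0x8100 and len(payload) >= 4:
        etype = struct.unpack("!H", payload[2:4])[0]
        payload = payload[4:]
    return dst.hex(":"), src.hex(":"), etype, payload

def triage(frames):
    """Count frames per known protocol and collect the frames whose EtherType
    is nothing the LAN should be speaking (src, dst, ethertype, payload length)."""
    counts = Counter()
    suspects = []
    for frame in frames:
        dst, src, etype, payload = parse_frame(frame)
        name = KNOWN_ETHERTYPES.get(etype)
        if name is None:
            suspects.append((src, dst, etype, len(payload)))
        else:
            counts[name] += 1
    return counts, suspects

def _frame(src, dst, etype, payload):
    """Build a constructed Ethernet II frame for the sample capture below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", etype) + payload

ROUTER = "00:11:22:33:44:55"   # constructed sample addresses
HOST = "66:77:88:99:aa:bb"
SAMPLE_FRAMES = [
    _frame(HOST, ROUTER, 0x0800, b"\x45" + b"\x00" * 19),                    # ordinary IPv4
    _frame(ROUTER, HOST, 0x0806, b"\x00\x01\x08\x00" + b"\x00" * 24),        # ARP
    _frame(HOST, ROUTER, 0x8100, b"\x00\x01\x86\xdd\x60" + b"\x00" * 39),    # VLAN-tagged IPv6
    _frame(ROUTER, HOST, 0x88B5, b"constructed-unknown-payload"),            # local experimental type
]
```

Running `triage(SAMPLE_FRAMES)` reports one IPv4, one ARP and one IPv6 frame and flags the single 0x88B5 frame from the router as unexplained; note that a trigger hidden inside ordinary IP packets (the first post's second idea) would be counted as plain IPv4 here, so this check only answers the non-IP-stack half of the question.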