
Re: Security issues question in the Files Transfer system of D-Rats


 

One of the users also suggested using a folder on a certain capacity thumb drive attached to the computer and using that as the D-RATS Shared folder. It is my understanding that if an infected file were to be uploaded, it could do no damage until and unless it was executed on the receiving machine. It would be a simple matter to scan the thumb drive for malware periodically, without having to do a scan of the entire computer, to make sure nothing harmful was on the thumb drive.

I know there are malicious folks everywhere these days, but I have not run across people like that in the Amateur Radio community, not yet anyway. But as the Good Lord says, "All have sinned and fallen short..." so I guess it is better to be safe than sorry. It would be a very nasty way to interfere in an emergency response.

Glen-KG5CEN
On Feb 14, 2021, 11:54 AM -0600, Emile “Cheap Old Man” Diodene <ediodene@...>, wrote:

Yeah Glen, I like the ideas about the symlinks from Mark... I think in Windows the equivalent of /dev/null is $NULL from PowerShell or NUL from a command prompt...


On Sun, Feb 14, 2021 at 11:05 AM Mark via <markwaldron1=[email protected]> wrote:

You'd have to iron out the particulars and exact syntax, but why not dump the temp directory contents to /dev/null?

This could be tuned on/off as desired, as well.

Other options:
  • LD_PRELOAD: "Another approach would be an LD_PRELOAD wrapper; basically a small shared library which is loaded before libc.so, and intercepts calls to 'open' with something that checks the prospective file path and substitutes '/dev/null' if it would be in the target directory. This has the advantage of being (a) entirely in user-space, no kernel hacking required; and (b) only affecting the single errant application. A simple example is at
  • Look into FUSE.
  • A simple script to clobber any/all contents of the shared folder that runs often.
  • Symlink shared folder contents to /dev/null.
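Mark's LD_PRELOAD suggestion, worked through as an added example. This is not code from D-RATS, nor from the source Mark quotes; it is a minimal interposer written for this thread. The environment variable name DRATS_NULL_DIR, the default directory /home/drats/shared and the file name nullopen.c are assumptions made here. It intercepts the libc entry points open() and openat(), and any path that lies strictly inside the quarantined directory is swapped for /dev/null before the real call is made, so the transfer "succeeds" from the application's point of view but nothing lands on disk. Opening the directory itself is left alone so a listing still works.

```c
/* nullopen.c: LD_PRELOAD wrapper that sends writes into one directory to /dev/null.
 * Added example for this thread; not D-RATS code. Build and use (Linux/glibc):
 *   gcc -shared -fPIC -o libnullopen.so nullopen.c -ldl
 *   LD_PRELOAD=./libnullopen.so DRATS_NULL_DIR=/path/to/shared <D-RATS launch command>
 */
#undef _FORTIFY_SOURCE          /* a fortified inline open() would clash with ours */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* for RTLD_NEXT; must precede the first system header */
#endif
#include <dlfcn.h>
#include <fcntl.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l) /* glibc's value, in case feature macros were fixed earlier */
#endif

/* Assumed names for this example; D-RATS has no such setting. */
#define NULL_DIR_ENV     "DRATS_NULL_DIR"
#define NULL_DIR_DEFAULT "/home/drats/shared"
#define NULL_DEVICE      "/dev/null"

/* Nonzero if `path` names something strictly inside `dir`. A trailing slash on
 * `dir` is tolerated, and a '/' must follow the prefix so "/shared2/x" does not
 * match "/shared". The directory itself does not match, so listing it still works. */
int path_in_dir(const char *path, const char *dir)
{
    size_t dlen = strlen(dir);
    while (dlen > 1 && dir[dlen - 1] == '/')
        dlen--;
    if (dlen == 0 || strncmp(path, dir, dlen) != 0)
        return 0;
    return path[dlen] == '/' && path[dlen + 1] != '\0';
}

static const char *null_dir(void)
{
    const char *dir = getenv(NULL_DIR_ENV);
    return (dir && *dir) ? dir : NULL_DIR_DEFAULT;
}

/* Path the real open() should see: NULL_DEVICE if `path` is inside the quarantined
 * directory, otherwise `path` unchanged. A relative path is resolved against the
 * current working directory (into `buf`) so that "shared/x" is caught as well. */
const char *redirect_path(const char *path, char *buf, size_t buflen)
{
    const char *abs = path;
    if (path[0] != '/') {
        char cwd[PATH_MAX];
        if (getcwd(cwd, sizeof cwd) == NULL ||
            snprintf(buf, buflen, "%s/%s", cwd, path) >= (int)buflen)
            return path;            /* cannot resolve: pass through untouched */
        abs = buf;
    }
    return path_in_dir(abs, null_dir()) ? NULL_DEVICE : path;
}

/* Read the optional mode argument only when the flags say one was passed. */
static mode_t mode_from(int flags, va_list ap)
{
    int needs_mode = (flags & O_CREAT) != 0;
#ifdef O_TMPFILE
    needs_mode = needs_mode || (flags & O_TMPFILE) == O_TMPFILE;
#endif
    return needs_mode ? (mode_t)va_arg(ap, int) : 0;
}

int open(const char *path, int flags, ...)
{
    static int (*real_open)(const char *, int, ...);
    if (!real_open)             /* resolve the libc symbol behind us, once */
        real_open = (int (*)(const char *, int, ...))dlsym(RTLD_NEXT, "open");
    va_list ap;
    va_start(ap, flags);
    mode_t mode = mode_from(flags, ap);
    va_end(ap);
    char buf[PATH_MAX];
    return real_open(redirect_path(path, buf, sizeof buf), flags, mode);
}

int openat(int dirfd, const char *path, int flags, ...)
{
    static int (*real_openat)(int, const char *, int, ...);
    if (!real_openat)
        real_openat = (int (*)(int, const char *, int, ...))dlsym(RTLD_NEXT, "openat");
    va_list ap;
    va_start(ap, flags);
    mode_t mode = mode_from(flags, ap);
    va_end(ap);
    char buf[PATH_MAX];
    /* A relative path with a real dirfd is relative to that directory, not the
     * cwd; resolving dirfd is left out here, so only absolute and cwd-relative
     * paths are checked. */
    const char *p = (path[0] == '/' || dirfd == AT_FDCWD)
                    ? redirect_path(path, buf, sizeof buf) : path;
    return real_openat(dirfd, p, flags, mode);
}
```

Two caveats a practitioner should weigh before relying on this. It only sees the entry points it overrides in the preloaded process: glibc's own fopen() reaches the kernel without passing through the public open symbol, and a file written to a temporary path and then rename()d or link()ed into the shared folder appears there untouched, so those calls would need the same treatment (this is also the gap in the "dump the temp directory" idea). And the check is lexical, so a path that reaches the folder through a symlink is not caught, while "/shared/../elsewhere" is redirected even though it resolves outside. It is Linux/glibc specific; Emile's NUL device on Windows is a different mechanism and would need a different hook.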
