
rfc31337

Markus `Nick` Wennrich - Wed Jul 26 18:11:59 2000



RFC 31337

 Network Working Group                                    Dr. Fred Mbogo
 Request for Comments: 31337                                   July 2000
 Category: Standards Track                                    

                   Unified Backdoor Protocol Specification

 Status of this Memo

    This document specifies an Internet standards track protocol for the
    Internet community, and requests discussion and suggestions for
    improvements.  Please refer to the current edition of the "Internet
    Official Protocol Standards" (STD 1) for the standardization state
    and status of this protocol.  Distribution of this memo is unlimited.

 Copyright Notice

    Copyright (C) The Internet Society (2000).  All Rights Reserved.

 Abstract

    This document describes the UBP (Unified Backdoor Protocol) backdoor
    communication mechanism over IPv4 networks specified by ITU-T
    Recommendations. 

 Mbogo, Fred                 Standards Track                     [Page 1]
  
 RFC 31337               Unified Backdoor Protocol              July 2000

 Table of Contents

 1. INTRODUCTION
 2. PROTOCOL ABSTRACT
 3. SOFTWARE AND HARDWARE GUIDELINES

 1. Introduction

    In modern times, there are thousands of different backdoor
    implementations, and thousands of communication protocols and
    hiding techniques used by them. On every machine, we find at least
    one of the following backdoors:

      o Backdoors left by administrators or ex-administrators
      o Backdoors left by software developers
      o Backdoors left by hardware vendors
      o Backdoors left by hackers
      o Backdoors left by NSA and other government agencies

    It should be obvious that this redundant structure is inefficient
    and difficult to use for the non-experienced operator. By creating
    a single, effective backdoor protocol, along with software and
    hardware guidelines and requirements, it's possible to make this
    system easy-to-use, and to eliminate the redundancy - thus making
    backdoors more accurate, better supported, effectively allowing
    faster growth of this most fascinating development into the
    mainstream. Faster development of backdoors will reduce the cost
    of testing and bug-removal, which will result in better software.

 2. Protocol abstract

    UBP is designed to act as a separate over-IP datagram protocol. Its
    protocol ID number is set to 0xff.

  
    UBP frame format:

     +---------------------------------------------------------------+
     |          magic password (fixed 16 bytes, 0-padding)           |
     +---------------------------------------------------------------+
     |               evil commands (up to 256 bytes)                 |
     :                                                               :
     .                                                               .

    Backdoor software must listen on TCP and UDP ports 31337 (which is
    officially assigned to UBP-over-TCP and UBP-over-UDP protocols),
    and be able to respond to these requests by using its native UBP
    protocol layer. This option MUST be implemented for compatibility
    purposes.

  
    ANSI color codes are allowed and recommended inside the UBP packet.

 3. Software and hardware guidelines

    New releases of krnl386.exe and glibc will implement libBackDoor
    library calls, including put_backdoor_here() and
    put_backdoor_somewhere_else(void* where) functions. Programmers are
    strongly advised to use these system-level features. The Linux
    kernel will support 'make backdoor_modules backdoor_modules_install' 
    make targets, while Windows registry will have RegisterBackdoor() 
    export.  Support for UBP for other platforms should be developed 
    promptly and documented in a replacement for this RFC.

    Major Linux developers have agreed that by implementing UBP in their
    distribution, they will be able to stop desperate crackers from spending
    hours finding new bugs in applications in order to crack systems. Thus,
    a UBP implementation will make their distros more secure and accurate.

    All packet routing / filtering hardware MUST pass both UDP/TCP
    traffic to port 31337 and UDP native traffic with no checks, in
    order to comply with protocol requirements. On devices with NAT,
    packets should be stored, and ICMP destination address query should
    be sent back to source. Sender host should reply with ICMP
    destination address reply, allowing further routing in private
    networks. Saved packet should then be rewritten and routed to
    network behind NAT.

    All processes using libBackDoor calls MUST be immediately hidden on
    the kernel level, and made unkillable and non-detectable by other
    software.

    For inter-backdoor communication, all UBP implementations SHOULD be
    themselves backdoored to accept the secret password "Netscape
    programmers are weenies!". We're glad to hear that some vendors
    have already implemented this requirement.
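
Added example, not part of the memo or of the original post: a defender-side
check that flags raw IPv4 packets matching the traffic described in section 2
(IP protocol 0xff, or TCP/UDP destination port 31337, carrying the 16-byte
zero-padded field plus at most 256 bytes, optionally with ANSI escapes). The
function names, finding labels and sample packets are assumptions constructed
for illustration.

```python
import struct

UBP_PROTO, UBP_PORT = 0xFF, 31337   # values stated in section 2 of the memo
TCP, UDP = 6, 17                    # IANA protocol numbers

def frame_shape_ok(payload: bytes) -> bool:
    """16-byte zero-padded password field followed by at most 256 bytes."""
    if not 16 <= len(payload) <= 16 + 256:
        return False
    text = payload[:16].rstrip(b"\x00")
    return bool(text) and b"\x00" not in text

def inspect_ipv4(pkt: bytes) -> list:
    """Return findings for one raw IPv4 packet; an empty list means no match."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return []
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return []
    proto, body = pkt[9], pkt[ihl:]
    if proto == UBP_PROTO:
        findings, payload = ["ip-proto-0xff"], body
    elif proto in (TCP, UDP) and len(body) >= (20 if proto == TCP else 8):
        if struct.unpack("!H", body[2:4])[0] != UBP_PORT:
            return []
        findings = ["dport-31337/" + ("tcp" if proto == TCP else "udp")]
        hdr = (body[12] >> 4) * 4 if proto == TCP else 8
        payload = body[hdr:]
    else:
        return []
    if frame_shape_ok(payload):
        findings.append("ubp-frame-shape")
    if b"\x1b[" in payload:            # ANSI escape sequence introducer
        findings.append("ansi-escape")
    return findings

def sample_ipv4(proto: int, body: bytes) -> bytes:
    """Constructed sample: minimal IPv4 header (checksum left at 0) plus body."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + body

# Constructed sample traffic, not captured from any real system.
FRAME = b"example".ljust(16, b"\x00") + b"\x1b[31mhello\x1b[0m"
NATIVE = sample_ipv4(UBP_PROTO, FRAME)
OVER_UDP = sample_ipv4(UDP, struct.pack("!HHHH", 40000, UBP_PORT, 8 + len(FRAME), 0) + FRAME)
DNS_LIKE = sample_ipv4(UDP, struct.pack("!HHHH", 40000, 53, 8, 0))
if __name__ == "__main__":
    for name, pkt in [("native", NATIVE), ("udp", OVER_UDP), ("dns", DNS_LIKE)]:
        print(name, inspect_ipv4(pkt))
```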
