Information about the Rpimp backdoor
Reverse Pimpage was designed to let you reach a box that sits behind a
firewall from outside that firewall. It accomplishes this by having the
"client", the box behind the firewall, send a SYN request to a certain port
at fixed intervals. It works in intervals so that routers don't get upset
about a continuous stream of SYN requests, and for efficiency. Once you get
home for the day you simply run the "server" on your home PC, and when the
next interval comes up the client will connect.
Once connected, the "client" telnets to itself and relays data back and
forth between the two ends. It is rather efficient, and security is built in.
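The interval-based call-home described above is also what gives the backdoor away from the defender's side: an internal host sending SYNs to the same outside address and port at a near-constant period stands out in firewall logs. The following is an added example, not code from this page or from rpimp; the log format and the destination port 2200 are constructed for the sample, since the page does not give rpimp's real port.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of outbound new-connection (SYN) log lines; the
# format and port 2200 are invented for this example, not real rpimp traffic.
SAMPLE_LOG = """\
2003-10-17 20:00:01 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP SPT=40001 DPT=2200 SYN
2003-10-17 20:00:05 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP SPT=40002 DPT=80 SYN
2003-10-17 20:05:01 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP SPT=40003 DPT=2200 SYN
2003-10-17 20:10:02 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP SPT=40004 DPT=2200 SYN
2003-10-17 20:11:40 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP SPT=40005 DPT=80 SYN
2003-10-17 20:15:01 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP SPT=40006 DPT=2200 SYN
2003-10-17 20:20:01 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP SPT=40007 DPT=2200 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP "
    r"SPT=\d+ DPT=(?P<dpt>\d+) SYN$"
)

def parse_syns(log_text):
    """Group SYN timestamps by (source, destination, destination port)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            groups[(m["src"], m["dst"], int(m["dpt"]))].append(ts)
    return groups

def find_beacons(log_text, min_hits=4, max_jitter=0.1):
    """Return (src, dst, dport, period_seconds) for evenly spaced SYN flows."""
    findings = []
    for key, stamps in parse_syns(log_text).items():
        if len(stamps) < min_hits:
            continue  # too few attempts to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # coefficient of variation near zero means a fixed call-home interval
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            findings.append((*key, round(mean)))
    return findings

if __name__ == "__main__":
    for src, dst, dport, period in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}:{dport} every ~{period}s")
```

The two port-80 connections fall below min_hits and are ignored, while the five port-2200 SYNs, spaced about 300 seconds apart, are reported as a beacon.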
An analysis of rpimp, done by Daniel Cid (me), can be found at:
http://www.ossec.net/rootkits/studies/rpimp.txt
Download: rpv21.tar.gz (checksum bc494b0a8cd6928710f1a50462b1d5b4)
Files to search:
*All files marked with an "*" need to be searched for across the whole system.
**If you have any more information, send it to: mail1, or to mail2.
$RootCheck: rpimp.php,v 1.0 2003/10/17, Daniel B. Cid$