Archive for April, 2007
Some time ago I wrote a proof-of-concept Solaris loadable kernel module to demonstrate sending packets from kernel space. You can see the proof-of-concept MPEG movie here. Similar modules have been floating around the net for Linux for years, but there wasn’t one for Solaris. The plan was to write a backdooring LKM with networking abilities, possibly with some advanced hiding features like controlling Balrog from a DNS server: Balrog had to simulate a DNS client making requests to /etc/resolv.conf’s proxy DNS servers (the idea was to fool firewall/IDS/IPS systems which allow DNS traffic from servers). Due to lack of time I had to abort the project; only the bits of code responsible for sending and receiving have been written, even without an in-kernel DNS library. In the movie you can see data being sent on UDP port 53 after module initialisation. It was real hackery to get things done, simply because the original Solaris 10 kernel didn’t have an API for accessing the kernel side of sockets (fortunately, source code from OpenSolaris helped me a lot ;] )… The resulting C code of Balrog is so ugly that I’m not even going to release it. However, today I noticed a new OpenSolaris project named kernel-sockets, so maybe it’s time for a small rewrite?