Network Working Group                                     Dr. Fred Mbogo
Request for Comments: 31337                                    July 2000
Category: Standards Track


                Unified Backdoor Protocol Specification

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This document describes the UBP (Unified Backdoor Protocol) backdoor
   communication mechanism over IPv4 networks specified by ITU-T
   Recommendations.

Mbogo, Fred                 Standards Track                     [Page 1]

RFC 31337              Unified Backdoor Protocol               July 2000

Table of Contents

   1. INTRODUCTION
   2. PROTOCOL ABSTRACT
   3. SOFTWARE AND HARDWARE GUIDELINES

1. Introduction

   This document describes the abstract and use of UBP (Unified
   Backdoor Protocol) for IPv4 based networks, including network and
   software requirements.

   In modern times, there are thousands of different backdoor
   implementations, communication protocols and hiding techniques used
   by them.  On every machine, we have at least one of the following
   backdoors:

   o  Backdoors left by administrators or ex-administrators

   o  Backdoors left by software developers

   o  Backdoors left by hardware vendors

   o  Backdoors left by hackers

   o  Backdoors left by NSA and other government agencies

   It's obvious that this makes for an obsolete and redundant
   structure that is really difficult for an inexperienced person to
   use.

   By creating a single and effective backdoor protocol, together with
   software and hardware guidelines and requirements, it's possible to
   make this system easy to use and to eliminate the need for
   redundancy - thus making backdoors more accurate and better
   supported, effectively allowing faster growth of this most
   fascinating development mainstream.  Faster development of backdoors
   and lower costs of testing and bug-removal procedures will result in
   better software.

2. Protocol abstract

   UBP is designed to act as a separate over-IP datagram protocol.  It
   has its protocol ID number set to 0xff.

   UBP frame format:

   +---------------------------------------------------------------+
   |          magic password (fixed 16 bytes, 0-padding)           |
   +---------------------------------------------------------------+
   |                evil commands (up to 256 bytes)                |
   :                                                               :
   .                                                               .

   Backdoor software must listen on TCP and UDP ports 31337 (which is
   officially assigned to the UBP-over-TCP and UBP-over-UDP protocols),
   and be able to respond to these requests as well as using its native
   UBP protocol layer.  This option must be implemented for
   compatibility purposes.

   ANSI color codes are allowed and recommended inside the packet.

3. Software and hardware guidelines

   New releases of krnl386.exe and glibc will implement libBackDoor
   library calls, including the put_backdoor_here() and
   put_backdoor_somewhere_else(void* where) functions.  Programmers are
   strongly advised to use these system-level features.  The Linux
   kernel will support the 'make backdoor_modules
   backdoor_modules_install' make targets, while the Windows registry
   will have a RegisterBackdoor() export.  Support for UBP on other
   platforms is being developed promptly.

   Major Linux developers agreed that by implementing UBP in their
   distributions, they will be able to stop desperate hackers from
   spending hours finding new bugs in applications in order to crack
   systems; thus a UBP implementation will make their distros more
   secure and accurate.

   All packet routing / filtering hardware should pass both UDP/TCP
   traffic to port 31337 and native UBP traffic with no checks, in
   order to comply with protocol requirements.  On devices with NAT,
   the packet should be stored, and an ICMP destination address query
   should be sent back to the source.  The sender host should reply
   with an ICMP destination address reply, allowing further routing in
   private networks; then the saved packet should be rewritten and
   routed to the network behind NAT.

   All processes using libBackDoor calls should be immediately hidden
   at kernel level, and made unkillable and non-detectable by other
   software.

   For inter-backdoor communication, all UBP implementations should be
   backdoored to accept the secret password "Netscape programmers are
   weenies!".  We're glad to hear some software giants in Redmond have
   already met this requirement.
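
   The frame layout in section 2 and the pass-through rule in section 3
   describe exactly what a monitoring sensor would alert on.  The
   following is an added example, not part of the memo: a Python check
   over raw IPv4 packets, with hypothetical function names and
   constructed sample packets.

```python
import struct

UBP_PROTO = 0xFF     # IP protocol ID the memo gives native UBP
UBP_PORT = 31337     # port the memo gives UBP-over-TCP and UBP-over-UDP
PASSWORD_LEN = 16    # fixed-size, zero-padded password field
MAX_COMMANDS = 256   # upper bound on the command field

def parse_ubp_frame(payload):
    """Return (password, commands), or None if the sizes rule out a UBP frame."""
    if not PASSWORD_LEN <= len(payload) <= PASSWORD_LEN + MAX_COMMANDS:
        return None
    return payload[:PASSWORD_LEN].rstrip(b"\x00"), payload[PASSWORD_LEN:]

def classify_ipv4(packet):
    """Return a finding for a UBP-looking IPv4 packet, or None for other traffic."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    fragment_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or (fragment_offset and proto != UBP_PROTO):
        return None                      # later fragments carry no port numbers
    if proto == UBP_PROTO:
        transport, payload = "native", body
    elif proto in (6, 17) and len(body) >= (20 if proto == 6 else 8):
        if struct.unpack("!H", body[2:4])[0] != UBP_PORT:   # destination port
            return None
        header_len = 8 if proto == 17 else (body[12] >> 4) * 4
        transport, payload = ("udp" if proto == 17 else "tcp"), body[header_len:]
    else:
        return None
    frame = parse_ubp_frame(payload)
    # Report sizes only, so the alert never stores the password or commands.
    return {"transport": transport, "well_formed": frame is not None,
            "ansi_codes": b"\x1b[" in payload,
            "command_bytes": len(frame[1]) if frame else None}

def build_ipv4(proto, body):
    """Constructed test helper: minimal 20-byte IPv4 header (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + body

# Constructed samples: a native frame, a UDP frame with an ANSI code, DNS noise.
FRAME = b"hunter2".ljust(PASSWORD_LEN, b"\x00") + b"uptime"
NATIVE = build_ipv4(UBP_PROTO, FRAME)
OVER_UDP = build_ipv4(17, struct.pack("!HHHH", 40000, UBP_PORT, 8 + len(FRAME) + 4, 0)
                      + FRAME + b"\x1b[1m")
DNS = build_ipv4(17, struct.pack("!HHHH", 40000, 53, 8, 0))
```

   A TCP SYN to port 31337 carries no payload, so it is reported with
   well_formed set to False rather than dropped.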