Q

 

1.Summary:
Q is a Trojan Horse offering the attacker remote access to the victim
host. This event is generated when raw TCP packets are sent to the
victim server.

2.Impact:
Possible theft of data and control of the targeted machine leading to a
compromise of all resources the machine is connected to.

3.Detailed Information:
This Trojan affects UNIX operating systems.

The Trojan is controlled by sending raw packets (TCP/UDP/ICMP) to the
victim host containing commands to be run as root.

4.Attack Scenarios:
This Trojan may be delivered to the target in a number of ways. The
attacker can then choose to send raw data to the victim via TCP/UDP/ICMP
from the broadcast address of a class C network.

5.Ease of Attack:
This is Trojan activity; the target machine may already be compromised.

6.Corrective Action:
Traffic originating from a broadcast address should not be allowed from
external sources or from internal sources to external destinations.
Judicious use of firewall rules is necessary.
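
The filtering check described in the Corrective Action, as an added example that is not part of the original rule documentation: it classifies flow records whose source is a broadcast address in the two directions named above. Assumptions: "class C network" is read as any /24, INTERNAL_NET is a placeholder documentation range, and the "PROTO SRC DST" record format and sample flows are constructed.

```python
import ipaddress

# Assumption: the protected network (RFC 5737 documentation range, placeholder).
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
PROTOCOLS = {"tcp", "udp", "icmp"}  # transports the page names for the control channel


def is_slash24_broadcast(addr):
    """True if addr is the broadcast address of the /24 that contains it."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return False
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return ip == net.broadcast_address


def classify(record):
    """Return a verdict for one 'PROTO SRC DST' flow record (constructed format)."""
    proto, src, dst = record.split()
    if proto.lower() not in PROTOCOLS or not is_slash24_broadcast(src):
        return "pass"
    src_internal = ipaddress.ip_address(src) in INTERNAL_NET
    dst_internal = ipaddress.ip_address(dst) in INTERNAL_NET
    if not src_internal and dst_internal:
        return "drop-inbound"    # external broadcast source reaching an internal host
    if src_internal and not dst_internal:
        return "drop-outbound"   # internal broadcast source leaving the network
    # Same-side traffic is outside the page's rule; surfaced for review (added choice).
    return "review"


def scan(flows):
    """Return (record, verdict) pairs for every record that is not passed."""
    results = [(flow, classify(flow)) for flow in flows]
    return [(flow, verdict) for flow, verdict in results if verdict != "pass"]


# Constructed sample flows; all addresses are documentation ranges.
SAMPLE_FLOWS = [
    "TCP 198.51.100.255 192.0.2.10",   # external broadcast source -> internal
    "UDP 192.0.2.255 203.0.113.7",     # internal broadcast source -> external
    "ICMP 198.51.100.23 192.0.2.10",   # ordinary external host
    "TCP 192.0.2.15 203.0.113.7",      # ordinary internal host
]

if __name__ == "__main__":
    for flow, verdict in scan(SAMPLE_FLOWS):
        print(f"{verdict}: {flow}")
```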