Security Basics mailing list archives
Finding hidden backdoors
From: "Daniel B. Cid" <danielcid () yahoo com br>
Date: 31 Jul 2003 16:18:46 -0400
I saw some people talking about rootkits that hidden process/ports. One think that i always do to see what ports are open is to run this perl script: use IO::Socket; for($i=0;$i<=65555;$i++) { $server[$i] = IO::Socket::INET->new( Proto => 'tcp', LocalPort => $i, Listen => SOMAXCONN, Reuse => 1) or print "Port $i Open \n" unless $server[$i]; close ($server[$i]); } This is good because if "netstat" or "lsof" or "fuser" or any other program is trojaned , or if it has any firewall and nmap is not finding all the open ports, this script will show ... The other benefit is that you cant hidden from it using any LKM code... What do you thing ? thanks Daniel B. Cid --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Finding hidden backdoors Daniel B. Cid (Jul 31)
- Re: Finding hidden backdoors Tim Greer (Jul 31)