Security Basics mailing list archives
Re: Hidden Ports
From: H Carvey <keydet89 () yahoo com>
Date: 4 Feb 2004 20:47:54 -0000
In-Reply-To: <JGEIIEMEINOFOPANNLKAAEDGDCAA.Dimitri () staf pi be>
You have to ping the compromised host with a certain packet size (or packet type, like SYN) before it will open the port. So a simple nmap on the target won't reveal the opened port...
The reason nmap won't detect it is, as you say, until the trigger appears, the port isn't open. Essentially, the backdoor listens to the stack for the properly-formatted trigger packet...while listening, the port isn't open. Once the trigger is received, the port then opens...at that point, it *can* be detected by nmap.
Good antivirus detects this, but a good hacker can also make this undetected for antivirus software by only changing a couple of bytes with any free hex editor software. So to make sure you got rid of the virus completely:
Maybe...depends on the bytes. The "hacker" would have to know how the various anti-virus products check for signatures, and then modify the bytes within that signature.
format c:
hope this was an interesting read for the group,
Not really.
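An added example, not part of the original message: a host-side check for the behaviour discussed above, where a dormant trigger-packet backdoor shows no listening port to a scanner but must still hold a sniffing socket, and a new listener appears once it is triggered. It assumes Linux `/proc/net/tcp` and `/proc/net/packet` formats on a little-endian host; the snapshots are constructed and the function names are hypothetical.

```python
import socket
import struct

# Constructed snapshots in Linux /proc formats (not real captures).
TCP_BEFORE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1 0000000000000000 100 0 0 10 0
"""
TCP_AFTER = TCP_BEFORE + """\
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11950 1 0000000000000000 100 0 0 10 0
"""
PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a01 3      3    0003   0     1 0      0      11907
ffff9a02 3      2    0806   2     1 0      0      11450
"""

LISTEN = "0A"        # TCP state code for LISTEN in /proc/net/tcp
SOCK_RAW = "3"       # socket type column in /proc/net/packet
ETH_P_ALL = 0x0003   # protocol value meaning "every frame"

def listeners(tcp_text):
    """Return {(ip, port)} for every socket in LISTEN state."""
    found = set()
    for line in tcp_text.splitlines()[1:]:          # skip header row
        f = line.split()
        if len(f) < 4 or f[3] != LISTEN:
            continue
        ip_hex, port_hex = f[1].split(":")
        # Address is stored as a little-endian 32-bit hex word.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        found.add((ip, int(port_hex, 16)))
    return found

def new_listeners(before, after):
    """Listeners present in the later snapshot but absent from the baseline."""
    return sorted(listeners(after) - listeners(before))

def sniffers(packet_text):
    """Inodes of raw packet sockets capturing all protocols.
    Legitimate tools (tcpdump, some DHCP clients) also appear here,
    so each inode still has to be mapped to its owning process and reviewed."""
    out = []
    for line in packet_text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 9 and f[2] == SOCK_RAW and int(f[3], 16) == ETH_P_ALL:
            out.append(int(f[8]))
    return out

if __name__ == "__main__":
    print("sniffing socket inodes:", sniffers(PACKET))
    print("listeners added since baseline:", new_listeners(TCP_BEFORE, TCP_AFTER))
```
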