Hi all
What is a Backdoor?
How does it work?
How to find out the Backdoor present in the system? Both Unix and Windows.
Stay Tuned
A backdoor is basically a very generic term for a way for an intruder to get into another system. It can work in a number of ways, either being left in code, or a trojan, etc. Well, your last question is a little tougher. If the backdoor is a trojan, then chances are it will show up on a virus scan. But if it is embedded in the code of a legitimate app (wasn't there one in Red Hat a couple of years ago, Piranha or something?) then you might have a problem, because it will be a little harder to find. Google it. Sorry, I gotta go to school.
slick
It's the same as a house. A house has a front door. This door is usually well protected and locked. The backdoor is sometimes left open.
But seriously :) it's a small program that listens on a certain port and it gives the bad guys a way to enter your system without being blocked by the normal security measures.
There's a way to find out what port is 'listening'. You can use the same command on *nix and Windows:
netstat -an
Look for ports that have the status LISTEN.
So, if I see some suspicious IP as LISTENING, how do I stop it?
1 more total newbie question:
What do you mean by LISTENING, TIME_WAIT, ESTABLISHED, and CLOSE WAIT?
It depends what is listening. On Windows you'll need a utility called fport. On FreeBSD (maybe Linux too) you can use the command sockstat. Both commands will tell you the process that is listening on that port.
Quote: 1 more total newbie question: What do you mean by LISTENING, TIME_WAIT, ESTABLISHED, and CLOSE WAIT?
These are the states a TCP connection can be in.
http://support.microsoft.com/default...;EN-US;q137984
http://www.faqs.org/docs/iptables/tcpconnections.html
No offense, but this sort of question is common.
It's just, well, ummm, English and common sense. If you think about it, what's a front door? It's a door in your house, and then what's the backdoor? It's another door in your house you use to get in from also...
Same thing applies to computers, you have your usual login methods etc... and then you may have the attacker's method of getting in... i.e. a backdoor.
Backdoors, as already said, can be in a program or some means of exploiting the software already on the system; it depends on what context you use the term backdoor as to what it means.
Some programmers leave backdoors in things so that they can go back and change things; this isn't common practice but it has been done. Crackers use special backdoor programs that they either write themselves or download.
i2c
Someone mentioned FPort, I thought I'd mention the location to download it.
http://foundstone.com
Click on resources at the top, then click on free tools on the left, then click on intrusion detection and there you go. It's a command line program, so you need to be in a command window to run it.
Yeah. Like slick and Sir Dice said, a backdoor can allow crackers/intruders to get into your computer. I also heard backdoors can be worms but that's probably old news. If your backdoor's opened and a cracker finds it, whoa, you're obviously in big trouble. Especially if you use cable or DSL for internet.
Well, erm. Let's try to clarify this, because you all even have me confused.
Quote: What is a Backdoor
SirDice gave a good explanation of this, so I won't touch on it further.
Quote: How does it work
At this point the mechanics of how they work would probably confuse you. Again, SirDice explained this very well.
Quote: How to find out the Backdoor present in the system
All the tools mentioned will work, but any antivirus that is up to date will do essentially the same thing. That's a simplistic remedy, but we'll leave it at that for now.
Quote: What do you mean by LISTENING, TIME_WAIT, ESTABLISHED, and CLOSE WAIT?
http://www.petri.co.il/quickly_find_...open_ports.htm
This will give you an explanation better than I can, plus a small lesson on using netstat.
Quote: No offense, but this sort of question is common
Not always. Sometimes we have difficulty remembering that there really are people out there that want to learn about security, and are not just skiddies trying to social engineer exploits.
Quote: I also heard backdoors can be worms
Actually, the "payload" of the malware can be a backdoor; that is, worms, viruses, rootkits, or spyware can have, as part of their program, a means to open a backdoor. And although the term 'trojan' probably gets misused more than anything, a trojan is something that looks like one thing, but is really another. Nowadays, I would classify a trojan as mainly email attachments that, for example, have naked pictures of Anna Kournikova, but really contain a keylogger (or other malware).
Hi,
I did read the links that you guys have posted, but I still have doubts!!!
I typed in netstat -an
Proto  Local Address    Foreign Address  State
TCP    0.0.0.0:135      0.0.0.0:0        LISTENING
TCP    0.0.0.0:445      0.0.0.0:0        LISTENING
TCP    0.0.0.0:1027     0.0.0.0:0        LISTENING
TCP    0.0.0.0:1028     0.0.0.0:0        LISTENING
TCP    0.0.0.0:1098     0.0.0.0:0        LISTENING
TCP    0.0.0.0:1276     0.0.0.0:0        LISTENING
TCP    0.0.0.0:1278     0.0.0.0:0        LISTENING
TCP    0.0.0.0:1282     0.0.0.0:0        LISTENING
TCP    0.0.0.0:4358     0.0.0.0:0        LISTENING
TCP    0.0.0.0:4365     0.0.0.0:0        LISTENING
TCP    0.0.0.0:4878     0.0.0.0:0        LISTENING
TCP    0.0.0.0:4879     0.0.0.0:0        LISTENING
TCP    0.0.0.0:4897     0.0.0.0:0        LISTENING
TCP    127.0.0.1:445    127.0.0.1:4897   ESTABLISHED
TCP    127.0.0.1:4897   127.0.0.1:445    ESTABLISHED
What does this mean?
UDP    0.0.0.0:2967     *:*
UDP    127.0.0.1:1038   *:*
UDP    10.0.0.1:1038    *:*
Also, what does *:* mean and why is it for UDP?
MRG
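An added example, not written by anyone in this thread: a Python sketch that reads `netstat -an` output in the Windows column layout MRG posted, keeps only sockets that accept traffic (TCP listeners and bound UDP sockets), and reports the network-reachable ones that are missing from a baseline. The `BASELINE` set and the function names are assumptions made for illustration, and the sample rows are copied from the post above.

```python
# Constructed sample: rows copied from the netstat -an output posted above.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:4897 0.0.0.0:0 LISTENING
TCP 127.0.0.1:445 127.0.0.1:4897 ESTABLISHED
UDP 0.0.0.0:2967 *:*
UDP 127.0.0.1:1038 *:*
UDP 10.0.0.1:1038 *:*
"""

# Assumption: ports this host is expected to expose (135 = RPC endpoint
# mapper, 445 = SMB). Build the real list from a known-clean machine.
BASELINE = {("TCP", 135), ("TCP", 445)}


def parse(text):
    """Return (proto, addr, port) for TCP listeners and bound UDP sockets."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0].upper() not in ("TCP", "UDP"):
            continue  # header or blank line
        proto = f[0].upper()
        addr, _, port = f[1].rpartition(":")  # rpartition copes with [::]:445
        if not addr or not port.isdigit():
            continue
        # UDP is connectionless: no state column, and the peer shows as *:*.
        # TCP rows in ESTABLISHED, TIME_WAIT or CLOSE_WAIT are connections, not listeners.
        if proto == "TCP" and not (len(f) > 3 and f[3].upper().startswith("LISTEN")):
            continue
        socks.append((proto, addr.strip("[]"), int(port)))
    return socks


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def unexpected(socks, baseline=BASELINE):
    """Network-reachable (proto, port) pairs that are not in the baseline."""
    return sorted({(p, port) for p, addr, port in socks
                   if not is_loopback(addr) and (p, port) not in baseline})


if __name__ == "__main__":
    for proto, port in unexpected(parse(SAMPLE)):
        print(f"{proto}/{port}: not in baseline, find the owning process (fport, sockstat)")
```

A flagged port is a lead to follow up with fport or sockstat, not proof of a backdoor; many legitimate services open listeners that a first baseline will not include.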