Finding hidden backdoors
From: Daniel B. Cid (danielcid_at_yahoo.com.br)
Date: 07/31/03
- Previous message: Terry: "Re[2]: IP address allocation"
- Next in thread: Tim Greer: "Re: Finding hidden backdoors"
- Reply: Tim Greer: "Re: Finding hidden backdoors"
- Maybe reply: Michael Silk: "RE: Finding hidden backdoors"
- Reply: Thomas Ng: "RE: Finding hidden backdoors"
- Reply: Matt Simmons: "Re: Finding hidden backdoors"
- Reply: Simon Smith: "Re: Finding hidden backdoors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com
Date: 31 Jul 2003 16:18:46 -0400
I saw some people talking about rootkits that hide processes/ports.
One thing that I always do to see what ports are open is to run this
Perl script:
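use strict;
use warnings;
use IO::Socket;

# Try to bind and listen on every TCP port; a bind that fails means
# something already holds the port. Run as root so that ports below
# 1024 do not fail with a permission error instead.
for my $i (1 .. 65535)
{
    my $server = IO::Socket::INET->new(
        Proto     => 'tcp',
        LocalPort => $i,
        Listen    => SOMAXCONN,
        Reuse     => 1);
    if ($server) { close($server); }
    else         { print "Port $i Open \n"; }
}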
This is good because if "netstat" or "lsof" or "fuser" or any other
program is trojaned, or if it has any firewall and nmap is not finding
all the open ports, this script will show ... The other benefit is that
you can't hide from it using any LKM code...
What do you think?
Thanks,
Daniel B. Cid
---------------------------------------------------------------------------
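Added example, not part of the original post: a Python sketch that runs the same bind probe and compares it with /proc/net/tcp, the kernel table netstat reads on Linux, so only the mismatches are reported. Linux is assumed; the function names and the sample table are constructed for illustration.

```python
import errno
import socket

def port_in_use(port, host="0.0.0.0"):
    """The post's bind probe: True if bind() fails with EADDRINUSE."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # like Reuse => 1
        s.bind((host, port))
        return False
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return True
        raise  # e.g. EACCES below port 1024 without root: says nothing about listeners
    finally:
        s.close()

def local_ports(proc_net_tcp_text):
    """Every local port (any state) listed in /proc/net/tcp-format text."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # first row is the header
        fields = line.split()
        if len(fields) > 1:
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # hex port after ':'
    return ports

def unexplained_ports(busy, reported):
    """Ports the probe found busy that the kernel's own table does not list."""
    return sorted(set(busy) - set(reported))

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003 1
"""

def scan(first=1024, last=65535):
    """Probe a port range, then list busy ports missing from the kernel tables."""
    busy = [p for p in range(first, last + 1) if port_in_use(p)]
    reported = set()
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as f:
                reported |= local_ports(f.read())
        except FileNotFoundError:
            pass  # e.g. IPv6 disabled
    return unexplained_ports(busy, reported)

if __name__ == "__main__":
    for p in scan():
        print(f"port {p}: bind failed but the port is absent from /proc/net/tcp*")
```

A port that opens or closes between the probe and the table read shows up as a transient mismatch, so a reported port is worth re-checking before treating it as hidden.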