Finding hidden backdoors

From: Daniel B. Cid (danielcid_at_yahoo.com.br)
Date: 07/31/03

    To: security-basics@securityfocus.com
    Date: 31 Jul 2003 16:18:46 -0400
    
    

    I saw some people talking about rootkits that hide processes/ports.
    One thing that I always do to see what ports are open is to run this
    Perl script:

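    use strict;
    use warnings;
    use IO::Socket;

    # Try to bind a listener on every TCP port; a failed bind means the
    # port is already held. Run as root: an unprivileged bind to a port
    # below 1024 fails with a permission error and is reported as open.
    for my $i (1 .. 65535) {
        my $server = IO::Socket::INET->new(
            Proto     => 'tcp',
            LocalPort => $i,
            Listen    => SOMAXCONN,
            Reuse     => 1,
        );
        if ($server) {
            close($server);
        } else {
            print "Port $i Open \n";
        }
    }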

    This is good because if "netstat" or "lsof" or "fuser" or any other
    program is trojaned, or if it has any firewall and nmap is not finding
    all the open ports, this script will show ... The other benefit is that
    you can't hide from it using any LKM code...
    What do you think?

    thanks

    Daniel B. Cid
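
An added example, not part of the original post: the same bind test in Python, cross-checked against the kernel's socket table so that only ports where bind fails with EADDRINUSE and the table has no entry are reported. It assumes the Linux /proc/net/tcp format; the function names and SAMPLE are constructed for illustration.

```python
import errno
import os
import socket

# Constructed sample of /proc/net/tcp (trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0016 00000000:0000 0A 00000000:00000000
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000
   2: 0100007F:C350 0100007F:1F90 01 00000000:00000000
"""

def bind_probe(port, host="0.0.0.0"):
    """True if the port is already held, False if free, None if unknown."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        return False
    except OSError as e:
        # EACCES (unprivileged bind below 1024) is not evidence of a socket.
        return True if e.errno == errno.EADDRINUSE else None
    finally:
        s.close()

def table_ports(table):
    """Local ports present in /proc/net/tcp or tcp6 text, in any state."""
    ports = set()
    for line in table.splitlines():
        f = line.split()
        if len(f) > 3 and f[0].endswith(":"):  # data rows start with "N:"
            ports.add(int(f[1].rsplit(":", 1)[1], 16))
    return ports

def unaccounted_ports(ports, table, host="0.0.0.0"):
    """Ports where bind fails with EADDRINUSE but the table has no entry."""
    listed = table_ports(table)
    return sorted(p for p in ports if p not in listed and bind_probe(p, host))

if __name__ == "__main__":
    paths = [p for p in ("/proc/net/tcp", "/proc/net/tcp6") if os.path.exists(p)]
    table = "".join(open(p).read() for p in paths)
    for port in unaccounted_ports(range(1, 65536), table):
        print(f"port {port}: in use, but missing from the kernel table")
```

Sockets that open or close between reading the table and probing a port can produce a mismatch, so re-check any hit before acting on it.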
