Re: Hidden Ports

From: Alessandro (alessandro_at_sideralis.net)
Date: 02/03/04

  • Next message: Mike: "RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program"
    Date: Tue, 03 Feb 2004 22:55:46 +0100
    To: security-basics@securityfocus.com
    
    

    In kernel (2.4) space you can hook the ip_recv routine in
    net/ipv4/ip_input.c and get the packet before it will be delivered to
    the tcp entity.
    To use static or unexported function or variable, you can access them
    directly by kernel memory, getting their address with objdump -d vmlinux
    To make the hook you can use the cesari's method.
    When a packet comes to this function you can do whatever you want, and
    then return to the original function.
    If you have other question, i'm here.. and if you think i said something
    wrong.. pls tell me.
    ------------------------------------------------------
    Alessandor - www.sideralis.net

    Eduardo Sorensen wrote:

    > Can a port scanner not see a port that is opened?
    >
    > The question is: can a backdoor be on a machine, and with nmap -p 1-,
    > for example, you couldn't see it?
    >
    > Thank you,
    > Eduardo
    >
    >
    > ---------------------------------------------------------------------------
    > Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off
    > any course! All of our class sizes are guaranteed to be 10 students or
    > less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
    > Prevention, and many other technical hands on courses. Visit us at
    > http://www.infosecinstitute.com/securityfocus to get $720 off any
    > course!
    > ----------------------------------------------------------------------------
    >
    >
    >
    >
    >

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------


  • Next message: Mike: "RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program"

    Relevant Pages

    • Re: *warning* student question
      ... understanding how these interact in a TCP session, ... If you can craft a packet, any packet, then you can use it to your ... > buddy of mine and I as a self-study in the Network Lab. ... > We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
      (Security-Basics)
    • RE: Stateful Packet Inspection
      ... probe was aimed at ignored the packet completely, ... > Ethical Hacking at the InfoSec Institute. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: Hidden Ports
      ... they usually load as part of the OS ... > kernel, ... Ahh, I see...I obviously have a lot to learn. ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, ...
      (Security-Basics)