Re: Hidden Ports

• Previous message: Jeff McLaughlin: "RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice troja n program"
• In reply to: Eduardo Sorensen: "Hidden Ports"
• Next in thread: Dimitri Bertolami: "RE: Hidden Ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 03 Feb 2004 15:21:25 -0500
To: Eduardo Sorensen <ovo@osite.com.br>

Eduardo Sorensen wrote:

> Can a port scanner not see a port that is opened?
>
> The question is: can a backdoor be on a machine, and with nmap -p 1-,
> for example, you couldn't see it?
>
A backdoor could certainly be constructed that way, though I'm not aware
of any that are "out of the box". For example, I could build a backdoor
that does not listen on any port until it detects connection attempts to
closed ports 1026,1027,1029,1034,1026,1044 and 1035 in that sequence
within 5 seconds, then listens on port 60006 for 10 seconds.

Here's a site that describes the concept in more detail:
http://www.portknocking.org/

Like I said, though, I'm not aware of any specific backdoor (other than
one I've seen built in a lab :-)) that does this.

Regards,

Geoff

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------

• Previous message: Jeff McLaughlin: "RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice troja n program"
• In reply to: Eduardo Sorensen: "Hidden Ports"
• Next in thread: Dimitri Bertolami: "RE: Hidden Ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]