Security Basics mailing list archives

Re: Hidden Ports


From: "David J. Bianco" <bianco () jlab org>
Date: Thu, 05 Feb 2004 08:02:14 -0500



Michael Painter wrote:
> Some tools also look for connections to ports in certain order (eg, the
> same host contacts port 80, port 22 and then port 443 within a few
> seconds).  <<
>
> Wouldn't you be able, in say, Windows 2000, to see the Process running
> which would be looking for this sequence?

Not necessarily.  These tools are often part of a rootkit, which would
naturally hide itself.  In fact, they usually load as part of the OS
kernel, and not as a process.

        David

--
David J. Bianco, GSEC GCUX GCIH         <bianco () jlab org>
Thomas Jefferson National Accelerator Facility
GPG Fingerprint:  516A B80D AAB3 1617 A340  227A 723B BFBE B395 33BA

     The views expressed herein are solely those of the author and
            not those of SURA/Jefferson Lab or the US DOE.
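
An added example, not part of the original message: a listener loaded into the kernel may not appear in the host's process list, so one defensive option is to look for the ordered port sequence in connection records collected off the host (firewall or flow logs). The record layout, the 5-second window, the function name and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: (epoch seconds, source IP, destination IP, dest port).
# Addresses come from documentation ranges; this is not real traffic.
SAMPLE_FLOWS = [
    (100.0, "198.51.100.7", "192.0.2.10", 80),
    (100.5, "203.0.113.9", "192.0.2.10", 443),
    (101.2, "198.51.100.7", "192.0.2.10", 22),
    (102.9, "198.51.100.7", "192.0.2.10", 443),
    (200.0, "203.0.113.9", "192.0.2.10", 80),
    (230.0, "203.0.113.9", "192.0.2.10", 22),   # too slow for a 5 s window
    (231.0, "203.0.113.9", "192.0.2.10", 443),
]


def find_ordered_sequences(flows, sequence=(80, 22, 443), window=5.0):
    """Report source/destination pairs that contact `sequence` in order.

    The whole sequence must complete within `window` seconds (an assumed
    threshold). Unrelated ports contacted in between are ignored.
    Returns a list of (src, dst, first_ts, last_ts) tuples.
    """
    partial = defaultdict(list)  # (src, dst) -> [[start_ts, next_index], ...]
    hits = []
    for ts, src, dst, port in sorted(flows):
        key = (src, dst)
        # Drop attempts that started too long ago to finish in time.
        states = [s for s in partial[key] if ts - s[0] <= window]
        for state in states:
            if port == sequence[state[1]]:
                state[1] += 1
        if port == sequence[0]:
            states.append([ts, 1])  # this packet may open a new attempt
        done = [s for s in states if s[1] == len(sequence)]
        if done:
            hits.append((src, dst, done[0][0], ts))
            states = []  # report once, then start over for this pair
        partial[key] = states
    return hits


if __name__ == "__main__":
    for src, dst, first, last in find_ordered_sequences(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: ordered sequence seen in {last - first:.1f}s")
```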


