Security Basics mailing list archives
Re: [work] Hidden Ports
From: opticfiber <opticfiber () topsight net>
Date: Tue, 03 Feb 2004 22:05:33 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kernal based root kits can use any open port, even if it's already being used by a program. So yes and no - the port will respond as normal unless fed a predefined string so if you're using a program like nessus to scan, the port will apear open, but it will also appear to be opened by a legitimate program. See http://www.topsight.net/article.php?story=20030310070350436&query=rootkit for a better explanation. will Eduardo Sorensen wrote: | Can a port scanner not see a port that is opened? | | The question is: can a backdoor be on a machine, and with nmap -p | 1-, for example, you couldn't see it? | | Thank you, Eduardo | | |- ---------------------------------------------------------------------------
| Ethical Hacking at InfoSec Institute. Mention this ad and get $720 | off any | course! All of our class sizes are guaranteed to be 10 students or | less. We provide Ethical Hacking, Advanced Ethical Hacking, | Intrusion Prevention, | and many other technical hands on courses. Visit us at | http://www.infosecinstitute.com/securityfocus to get $720 off | any course! |- ----------------------------------------------------------------------------
| | | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEVAwUBQCBhffDZRbtbKLDfAQIxbQgAjaGd2T19GtOvRhACYbDXDyA56hkiWfcF x0HT/eEU+54B/DaQzVVMt47D225Wvy6TJJeBSFpaitzcTzBoqVlAWkwFByi7Rz3a Wky4NgI0kgwgZbjzXVc+IYSDJQoUqAJxxJwv71BO1KRoOAbTVBOnR6Vqj3f4ClM8 BzMUmzgRcV8EdQyxj1zPzbpewBP1DdaSwcyVCkBr1v5s9zR55dKyJRjKUfRAOxQW FvmrNEQpD9wrR28nbKdbrAOanlwLFUUgSEHx3oW9cJHImkWnEcwNnRGBsuOou+wt dYOy/r2gdnR9/HXN4hRY7HfaJHSxGAfNFl4xtJENpADFm15/pWc2xw== =ChGR -----END PGP SIGNATURE----- ---------------------------------------------------------------------------Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Re: Hidden Ports, (continued)
- Re: Hidden Ports Jamie Pratt (Feb 06)
- Re: Hidden Ports David J. Bianco (Feb 04)
- Re: Hidden Ports Michael Painter (Feb 05)
- Re: Hidden Ports David J. Bianco (Feb 05)
- Re: Hidden Ports Michael Painter (Feb 06)
- Re: Hidden Ports Michael Painter (Feb 05)
- Re: Hidden Ports vrsnet (Feb 06)
- Necessary ports and not necessary ports Benawi (Feb 05)
- Securing Windows Server 2003 [was: Necessary ports and not necessary ports] Joey Peloquin (Feb 05)
- Re: Necessary ports and not necessary ports JGrimshaw (Feb 06)
- Re: Necessary ports and not necessary ports NSC (Feb 06)
- Re: [work] Hidden Ports opticfiber (Feb 05)
- Re: Hidden Ports Vincent (Feb 06)
- Re: Hidden Ports Alessandro (Feb 04)
- Re: Hidden Ports H Carvey (Feb 05)
- Re: Hidden Ports H Carvey (Feb 06)
- RE: Hidden Ports Dimitri Bertolami (Feb 06)
- Re: Hidden Ports Michael Painter (Feb 09)
- RE: Hidden Ports Aditya [ Aditya Lalit Deshmukh ] (Feb 10)
- RE: Hidden Ports Dimitri Bertolami (Feb 06)