Security Basics mailing list archives

Re: [work] Hidden Ports

From: opticfiber <opticfiber () topsight net>
Date: Tue, 03 Feb 2004 22:05:33 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kernal based root kits can use any open port, even if it's already
being used by a program. So yes and no - the port will respond as
normal unless fed a predefined string so if you're using a program
like nessus to scan, the port will apear open, but it will also appear
to be opened by a legitimate program. See
http://www.topsight.net/article.php?story=20030310070350436&query=rootkit
for a better explanation.

will


Eduardo Sorensen wrote:

| Can a port scanner not see a port that is opened?
|
| The question is: can a backdoor be on a machine, and with nmap -p
| 1-, for example, you couldn't see it?
|
| Thank you, Eduardo
|
|
|

----------------------------------------------------------------------------

|  Ethical Hacking at InfoSec Institute. Mention this ad and get $720
|
off any
| course! All of our class sizes are guaranteed to be 10 students or
| less. We provide Ethical Hacking, Advanced Ethical Hacking,
| Intrusion
Prevention,
| and many other technical hands on courses. Visit us at
| http://www.infosecinstitute.com/securityfocus to get $720
off
| any course!
|

-----------------------------------------------------------------------------

|
|
|
|
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQCBhffDZRbtbKLDfAQIxbQgAjaGd2T19GtOvRhACYbDXDyA56hkiWfcF
x0HT/eEU+54B/DaQzVVMt47D225Wvy6TJJeBSFpaitzcTzBoqVlAWkwFByi7Rz3a
Wky4NgI0kgwgZbjzXVc+IYSDJQoUqAJxxJwv71BO1KRoOAbTVBOnR6Vqj3f4ClM8
BzMUmzgRcV8EdQyxj1zPzbpewBP1DdaSwcyVCkBr1v5s9zR55dKyJRjKUfRAOxQW
FvmrNEQpD9wrR28nbKdbrAOanlwLFUUgSEHx3oW9cJHImkWnEcwNnRGBsuOou+wt
dYOy/r2gdnR9/HXN4hRY7HfaJHSxGAfNFl4xtJENpADFm15/pWc2xw==
=ChGR
-----END PGP SIGNATURE-----



---------------------------------------------------------------------------

Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off anycourse! All of our class sizes are guaranteed to be 10 students or less.We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,and many other technical hands on courses.Visit us at http://www.infosecinstitute.com/securityfocus to get $720 offany course!----------------------------------------------------------------------------

Current thread:

Re: Hidden Ports, (continued)
- - Re: Hidden Ports Jamie Pratt (Feb 06)
- Re: Hidden Ports David J. Bianco (Feb 04)
  - Re: Hidden Ports Michael Painter (Feb 05)
    - Re: Hidden Ports David J. Bianco (Feb 05)
    - Re: Hidden Ports Michael Painter (Feb 06)
  - Re: Hidden Ports vrsnet (Feb 06)
- Necessary ports and not necessary ports Benawi (Feb 05)
  - Securing Windows Server 2003 [was: Necessary ports and not necessary ports] Joey Peloquin (Feb 05)
  - Re: Necessary ports and not necessary ports JGrimshaw (Feb 06)
  - Re: Necessary ports and not necessary ports NSC (Feb 06)
- Re: [work] Hidden Ports opticfiber (Feb 05)
- Re: Hidden Ports Vincent (Feb 06)
- Re: Hidden Ports Alessandro (Feb 04)
- Re: Hidden Ports H Carvey (Feb 05)
- Re: Hidden Ports H Carvey (Feb 06)
  - RE: Hidden Ports Dimitri Bertolami (Feb 06)
    - Re: Hidden Ports Michael Painter (Feb 09)
    - RE: Hidden Ports Aditya [ Aditya Lalit Deshmukh ] (Feb 10)
- Re: Hidden Ports H Carvey (Feb 06)
- Re: Hidden Ports H Carvey (Feb 09)