Re: Hidden Ports

[Geoff Beier <geoff () mollyandgeoff com>]

Eduardo Sorensen wrote:

> Can a port scanner not see a port that is opened?
>
> The question is: can a backdoor be on a machine, and with nmap -p 1-,
> for example, you couldn't see it?
A backdoor could certainly be constructed that way, though I'm not aware 
of any that are "out of the box". For example, I could build a backdoor 
that does not listen on any port until it detects connection attempts to 
closed ports 1026,1027,1029,1034,1026,1044 and 1035 in that sequence 
within 5 seconds, then listens on port 60006 for 10 seconds.

Here's a site that describes the concept in more detail:
http://www.portknocking.org/

Like I said, though, I'm not aware of any specific backdoor (other than 
one I've seen built in a lab :-)) that does this.

Regards,

Geoff

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------