Security Basics mailing list archives

RE: Hidden Ports


From: "Dimitri Bertolami" <Dimitri () staf pi be>
Date: Tue, 3 Feb 2004 19:49:20 +0100

http://www.pestpatrol.com/pestinfo/p/ping_door.asp

This is one of the best backdoors ;-)

You have to ping the compromised host with a certain packet size (or
packet type, like SYN) before it will open the port. So a simple nmap on
the target won't reveal the opened port...
Good antivirus detects this, but a good hacker can also make this undetected
for antivirus software by only changing a couple of bytes with any free
hex editor software. So to make sure you got rid of the virus completely:

format c:\

Hope this was an interesting read for the group,


Kind regards,
Dimitri Bertolami
Secondline Team
Scarlet NV.


-----Original Message-----
From: Eduardo Sorensen [mailto:ovo () osite com br]
Sent: dinsdag 3 februari 2004 18:46
To: security-basics () securityfocus com
Subject: Hidden Ports


Can a port scanner not see a port that is opened?

The question is: can a backdoor be on a machine, and with nmap -p 1-,
for example, you couldn't see it?

Thank you,
Eduardo
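
Added example (not part of either message above): a defender-side check for the behaviour described in the reply, where a port only starts answering after a specially sized ping. It narrows the reply's "packet size or packet type" to the packet-size case. The packet records, addresses, ports, the set of "common" echo payload sizes and the 60-second window are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumption: default echo payload sizes of common ping tools (Windows 32, Unix 56).
COMMON_ECHO_SIZES = {32, 56}
WINDOW = 60  # assumed max seconds between the odd ping and the port answering

@dataclass
class Pkt:
    ts: float
    src: str
    dst: str
    proto: str     # "icmp" or "tcp"
    info: str      # icmp: "echo-request"; tcp: flags, "SA" = SYN-ACK
    size: int = 0  # icmp payload bytes
    port: int = 0  # tcp: port on the monitored host

def find_triggered_ports(pkts, host, baseline_ports):
    """Return (remote, port, ping_size) for ports on `host` that are not in the
    baseline and answer SYN-ACK to a remote shortly after that remote sent an
    echo request with an unusual payload size."""
    odd_pings = {}  # remote -> (ts, size) of its latest unusual echo request
    seen, hits = set(), []
    for p in sorted(pkts, key=lambda p: p.ts):
        if p.proto == "icmp" and p.info == "echo-request" and p.dst == host:
            if p.size not in COMMON_ECHO_SIZES:
                odd_pings[p.src] = (p.ts, p.size)
        elif p.proto == "tcp" and p.info == "SA" and p.src == host:
            # A SYN-ACK from the host means this port is accepting connections.
            if p.port in baseline_ports or p.port in seen:
                continue
            ping = odd_pings.get(p.dst)
            if ping and p.ts - ping[0] <= WINDOW:
                hits.append((p.dst, p.port, ping[1]))
                seen.add(p.port)
    return hits

# Constructed sample traffic (documentation address ranges, made-up ports).
HOST = "192.0.2.10"
BASELINE = {22, 80}  # ports an earlier scan found listening
SAMPLE = [
    Pkt(0.0, "198.51.100.7", HOST, "icmp", "echo-request", size=56),
    Pkt(1.0, HOST, "198.51.100.7", "tcp", "SA", port=80),
    Pkt(10.0, "203.0.113.5", HOST, "icmp", "echo-request", size=777),
    Pkt(12.0, HOST, "203.0.113.5", "tcp", "SA", port=40123),
    Pkt(500.0, HOST, "198.51.100.7", "tcp", "SA", port=8080),  # no odd ping first
]

if __name__ == "__main__":
    for remote, port, size in find_triggered_ports(SAMPLE, HOST, BASELINE):
        print(f"port {port} answered {remote} after a {size}-byte echo request")
```

The unexplained listener on port 8080 is not reported by this correlation; comparing the host's listening sockets against the baseline would catch that separately.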

