IDS mailing list archives

Re: backdoor detection


From: "Ramesh Gupta" <ramesh () intruvert com>
Date: Fri, 27 Dec 2002 16:30:17 -0800 (PST)

The best and most accurate way to detect non-encrypted backdoors is by
performing thorough content analysis of each packet of each flow, which
requires considerable computing cycles when performed in software, unless
assisted by hardware acceleration.

For detecting encrypted backdoors, one has to resort
to statistical or timing analysis of traffic and anomaly detection methods.

The following paper outlines some content analysis methods
and a timing analysis method for detecting backdoors,
which you might find useful. Also, the References section
of the paper points to other relevant papers.

www.icir.org/vern/papers/backdoor-sec00.ps.gz


Regards,

Ramesh Gupta
Founder, VP Engineering
Intruvert Networks Inc.
3200-A North First Street
San Jose, CA 95134




Hi all,
   It's known that backdoors are difficult to detect.
Who can give some available methods to detect backdoors?


thanks!
lucy
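
The size-and-timing style of analysis mentioned in the reply above, as an added example that is not part of the thread or of the cited paper: it flags flows that look like interactive keystroke traffic on a port where no interactive service is expected, using only payload lengths and inter-arrival gaps, so it does not depend on reading the content. Every threshold, the port list and the sample flows are assumptions chosen for illustration.

```python
# Added example: size/timing heuristic for interactive sessions on odd ports.
# All thresholds are illustrative assumptions, not values from the thread.
SMALL_PAYLOAD = 20              # bytes; keystroke-sized payload (assumption)
GAP_MIN, GAP_MAX = 0.010, 2.0   # seconds; human typing gap range (assumption)
MIN_PACKETS = 8                 # fewer data packets than this: no verdict
EXPECTED_INTERACTIVE_PORTS = {22, 23, 513}   # ssh, telnet, rlogin


def interactive_features(packets):
    """packets: (timestamp_sec, payload_len) tuples for the client-to-server
    direction of one flow, in arrival order.
    Returns (small_frac, gap_frac), or None if the flow is too short."""
    data = [(t, n) for t, n in packets if n > 0]        # drop pure ACKs
    if len(data) < MIN_PACKETS:
        return None
    small = [(t, n) for t, n in data if n <= SMALL_PAYLOAD]
    small_frac = len(small) / len(data)
    # Gaps between consecutive small packets: typing produces gaps in a
    # human-scale range, scripted or bulk transfers mostly do not.
    gaps = [b[0] - a[0] for a, b in zip(small, small[1:])]
    in_range = [g for g in gaps if GAP_MIN <= g <= GAP_MAX]
    gap_frac = len(in_range) / len(gaps) if gaps else 0.0
    return small_frac, gap_frac


def is_suspect_backdoor(server_port, packets, small_min=0.6, gap_min=0.6):
    """True when the flow looks interactive but the server port is not one
    where an interactive login service is expected."""
    feats = interactive_features(packets)
    if feats is None:
        return False
    small_frac, gap_frac = feats
    interactive = small_frac >= small_min and gap_frac >= gap_min
    return interactive and server_port not in EXPECTED_INTERACTIVE_PORTS


# Constructed sample flows (not captured traffic).
TYPING = [(0.00, 1), (0.18, 1), (0.41, 1), (0.55, 1), (1.20, 1),
          (1.38, 1), (1.61, 2), (1.90, 1), (2.75, 1), (2.93, 1)]
BULK = [(i * 0.0004, 1460) for i in range(40)]

if __name__ == "__main__":
    for name, port, flow in [("typing/50000", 50000, TYPING),
                             ("typing/22", 22, TYPING),
                             ("bulk/50000", 50000, BULK)]:
        print(name, interactive_features(flow), is_suspect_backdoor(port, flow))
```

Encrypted protocols pad their records, so the payload-size cutoff has to be tuned per protocol before the result means anything on real traffic.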
