Sniffers, Session Hijacking, and Denial of Service
Trojans and Backdoors
- Trojans are programs that pretend to do one thing but when loaded actually perform another more malicious act.
Table FF.4. Remote Control Programs and Their Default Ports
Name
Default Protocol
Default Port
Back Orifice
UDP
31337
Back Orifice 2000
TCP/UDP
54320/54321
Beast
TCP
6666
Citrix ICA
TCP/UDP
1494
Donald Dick
TCP
23476/23477
Loki
ICMP
NA
Masters Paradise
TCP
40421/40422/40426
Netmeeting Remote Desktop Control
TCP/UDP
49608/49609
NetBus
TCP
12345
Netcat
TCP/UDP
Any
pcAnywhere
TCP
5631/5632/65301
Reachout
TCP
43188
Remotely Anywhere
TCP
2000/2001
Remote
TCP/UDP
135139
Timbuktu
TCP/UDP
407
VNC
TCP/UDP
5800/5801
- Email attachments are the number one means of malware propagation.
- A wrapper is a program used to combine two or more executables into a single packaged program.
- A covert channel is a means of moving information in a manner in which it was not intended.
- Port redirection works by listening on certain ports and then forwarding the packets to a secondary target. Some of the tools used for port redirection include datapipe, fpipe, and Netcat.
|
Netcat Switch |
Purpose |
|---|---|
|
nc -d |
Used to detach Netcat from the console |
|
nc -l -p [port] |
Used to create a simple listening TCP port, adding u will place it into UDP mode |
|
nc -e [program] |
Used to redirect stdin/stdout from a program |
|
nc -w [timeout] |
Used to set a timeout before Netcat automatically quits |
|
Program | nc |
Used to pipe output of program to Netcat |
|
nc | program |
Used to pipe output of Netcat to program |
|
nc -h |
Used to display help options |
|
nc -v |
Used to put Netcat into verbose mode |
|
nc -g or nc -G |
Used to specify source routing flags |
|
nc -t |
Used for Telnet negotiation |
|
nc -o [file] |
Used to hex dump traffic to file |
|
nc -z |
Used for port scanning, no I/O i |
Sniffers
|