Security Basics: Re: Hidden Ports

[Alessandro <alessandro () sideralis net>]

In kernel (2.4) space you can hook the ip_recv routine in 
net/ipv4/ip_input.c and get the packet before it will be delivered to 
the tcp entity.
To use static or unexported function or variable, you can access them 
directly by kernel memory, getting their address with objdump -d vmlinux
To make the hook you can use the cesari's method.
When a packet comes to this function you can do whatever you want, and 
then return to the original function.
If you have other question, i'm here.. and if you think i said something 
wrong.. pls tell me.
------------------------------------------------------
Alessandor - www.sideralis.net



Eduardo Sorensen wrote:

> Can a port scanner not see a port that is opened?
>
> The question is: can a backdoor be on a machine, and with nmap -p 1-,
> for example, you couldn't see it?
>
> Thank you,
> Eduardo
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off 
> any course! All of our class sizes are guaranteed to be 10 students or 
> less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion 
> Prevention, and many other technical hands on courses. Visit us at 
> http://www.infosecinstitute.com/securityfocus to get $720 off any 
> course!  
> ---------------------------------------------------------------------------- 
>
>
>  


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------