Security Incidents: "closed-port" backdoors

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

"closed-port" backdoors

From: Andreas Hasenack <andreas () CONECTIVA COM BR>
Date: Wed, 21 Mar 2001 17:03:49 -0300

Has somebody seen in the wild a type of backdoor where
no ports are open until a specifig set of packets are sent
to the machine?
For example, the backdoor would only bind to port X if
the machine receives SYN packets to three other ports in
sequence. I've seen code to do this (and sorry if it's not
new), but I haven't seen rootkits using it.

By Date By Thread

Current thread:

"closed-port" backdoors Andreas Hasenack (Mar 21)
- Virus sig? John R. Sciandra (Mar 22)
- Re: "closed-port" backdoors Alexander Reelsen (Mar 22)
- Re: "closed-port" backdoors Fernando Cardoso (Mar 22)
- Re: "closed-port" backdoors Valdis Kletnieks (Mar 22)
  - Re: "closed-port" backdoors Andreas Hasenack (Mar 22)