Remote Control Software

• What do they do?

  • Connect through dial-in and/or TCP/IP.
  • Replicate remote screen on local machine (graphical)
  • Allow running graphical, text-based application in remote machine, displaying the results in the local machine.

• A variety of applications, most with free download as demo.

  • pcAnywhere is one of the pioneers and very popular.
  • VNC is also very popular because it is cross-platform and free.

• Discovering and connecting to remote control software

  • Use Nmap or Superscan to search for ports 22, 799, 800, 1494, 2000, 2001, 5631, 5632, 5800, 5801, 5900, 5901, 43188, 65301
  • Once software is identified download free demo and try brute force.
  • Major weakness: only password is encrypted, traffic is compressed, only.

• Countermeasures: strong password (again), encrypt traffic (SSL, SSN, etc.), limit and log login attempts, change default listening port. In dial-in use: logoff user with call completion.

Previous slide

Next slide

Back to first slide

View graphic version