Advanced Techniques

• Adding to what we have seen before:

  • Trojans: we have seen that BO, NetBus and SubSeven are the most common Trojan, backdoor hacker tools.
    • TCP/IP ports: official , Internet services. Different from protocol ports.
    • Trojan ports: list , more details, and resources.
    • Port listening software: netstat, Active Ports (example), BackOfficer Friendly (example).
    • Checking and removing Trojans: Symantec on-line check (example), Moosoft Cleaner shareware.
    • Weeding out rogue processes: Windows Task Manager, Linux ps –aux
    • Be aware of traps: Whack-A-Mole (pseudo game), BoSniffer (BO in disguise), eLiTeWrap (packs Trojans as exe). Generic: download, scan for virus, then execute, do not run from Internet.
  • Rootkits: Difficult to detect
    • keep a record of your files using Tripwire,
    • create image of your hard-drive: hardware and software solutions (Norton Ghost, Drive Image).

Previous slide

Next slide

Back to first slide

View graphic version