KS-Soft. Network Management Solutions

detecting trojans

 
SRW



Joined: 11 Nov 2002
Posts: 3

Posted: Wed Nov 13, 2002 12:55 am

Manual Quote: This utility can be useful for detecting "trojan" programs (backdoors).

What actually is the process for detecting trojans or worms? Beyond monitoring the connection monitor screen minute by minute and knowing every IP address one is connected to, is there some indication one is being hacked?

Manual Quote: Backdoors are remote-administration hacker tools that allow administration of remote computers on a network. The difference between backdoors and commercial network administration software is the silent installation and execution.

Is there some indication as to what application on my computer each connection is running, which would signify unauthorized use or hacking?
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

Posted: Thu Nov 14, 2002 1:24 am

>What actually is the process for detecting trojans or worms? Beyond monitoring the connection monitor screen minute by minute and knowing every IP address one is connected to, is there some indication one is being hacked?

Usually backdoor programs open some port to allow bad guys to send commands to the trojan. You can take a look at ports with "LISTENING" status (you can exclude local addresses "0.0.0.0" and "127.0.0.1"). Normally on a workstation you have just several ports open (e.g. 137, 138, 139 - NetBIOS protocol), or do not even have any listening ports. If your system is running a Web/FTP server, you can have port 80/21 open. If you see some listening ports and you don't know what service uses them, it's a reason for investigation.

>Is there some indication as to what application on my computer each connection is running, which would signify unauthorized use or hacking?

I don't know of any documented method to retrieve this information. Of course, a program can change winsock.dll and have any information, but it's not correct and can affect the whole system and any other program.

Regards
Alex

[ This Message was edited by: KS-Soft on 2002-11-14 00:24 ]
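
The listening-port review described in the reply above, as an added example that is not part of the original thread and is not KS-Soft's code. It assumes text in the layout of Windows `netstat -an` output; the sample rows are constructed, the allowlist uses the ports named in the reply, and treating every bound UDP socket as listening and flagging loopback-only listeners are choices made for this example.

```python
import re

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:54321          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED
  TCP    [::]:5000              [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    192.168.1.20:4500      *:*
"""

# Ports the reply names as normal: NetBIOS, plus 80/21 for a Web/FTP server.
EXPECTED_PORTS = {137, 138, 139, 80, 21}
LOOPBACK = ("127.", "[::1]")

# The local address is split at its last colon so bracketed IPv6 also parses.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def unexpected_listeners(netstat_text, expected=EXPECTED_PORTS):
    """Return (proto, address, port, loopback_only) for unknown listeners."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _foreign, state = m.groups()
        # TCP rows carry a state; UDP rows have none, so any bound UDP
        # socket is treated as listening (assumption of this example).
        listening = state == "LISTENING" if proto == "TCP" else state is None
        if listening and int(port) not in expected:
            findings.append((proto, addr, int(port), addr.startswith(LOOPBACK)))
    return findings


if __name__ == "__main__":
    for proto, addr, port, local_only in unexpected_listeners(SAMPLE):
        scope = "loopback only" if local_only else "reachable from network"
        print(f"investigate {proto} {addr}:{port} ({scope})")
```

Each reported row is a port to trace back to a known service before it is added to the allowlist.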