detecting trojans

Everything about IP-Tools

Post by SRW »

Manual Quote: This utility can be useful for detecting "trojan" programs (backdoors).

What actually is the process for detecting trojans or worms? Beyond monitoring the connection monitor screen minute by minute and knowing every IP address one is connected to, is there some indication one is being hacked?

Manual Quote: Backdoors are remote-administration hacker tools that allow administration of remote computers on a network. The difference between backdoors and commercial network administration software is the silent installation and execution.

Is there some indication as to what application on my computer each connection is running, which would signify unauthorized use or hacking?

Post by KS-Soft »

>What actually is the process for detecting trojans or worms? Beyond monitoring the connection monitor screen minute by minute and knowing every IP address one is connected to, is there some indication one is being hacked?

Usually backdoor programs open some port to allow bad guys to send commands to the trojan. You can take a look at ports with "LISTENING" status (you can exclude local addresses "0.0.0.0" and "127.0.0.1"). Normally on a workstation you have just several ports open (e.g. 137, 138, 139 - NetBIOS protocol), or do not even have any listening ports. If your system is running a Web/FTP server, you can have port 80/21 open. If you see some listening ports and you don't know what service uses them, it's a reason for investigation.

>Is there some indication as to what application on my computer each connection is running, which would signify unauthorized use or hacking?

I don't know any documented method to retrieve this information. Of course, a program can change winsock.dll and have any information, but it's not correct and can have an effect on the whole system and any other program.

Regards
Alex

[ This Message was edited by: KS-Soft on 2002-11-14 00:24 ]
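The listening-port review described in the reply above can be scripted. The following is an added example, not part of the original thread and not IP-Tools code: it parses Windows `netstat -ano` text, keeps the TCP rows in LISTENING state, and sorts them into expected, loopback-only, and needs-investigation. The sample output and the `EXPECTED` allowlist are constructed assumptions; the PID column that `netstat -ano` prints on current Windows versions is carried through so each listener can be matched to a process.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2412
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1700
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3020
  TCP    [::]:8080              [::]:0                 LISTENING       2980
  UDP    0.0.0.0:137            *:*                                    4
"""

# Assumption: ports this workstation is known to listen on
# (the NetBIOS ports named in the reply, plus RPC 135).
EXPECTED = {135, 137, 138, 139}

def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[fe80::1%12]:80' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def listening_sockets(netstat_text):
    """Return one dict per TCP row whose state is LISTENING."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] != "TCP" or f[3] != "LISTENING":
            continue
        host, port = split_endpoint(f[1])
        # The PID column is absent when netstat is run without -o.
        pid = int(f[4]) if len(f) > 4 and f[4].isdigit() else None
        rows.append({"host": host, "port": port, "pid": pid})
    return rows

def triage(netstat_text, expected_ports):
    """Group listeners: allowlisted, bound to loopback only, or unexplained."""
    report = {"expected": [], "loopback_only": [], "investigate": []}
    for s in listening_sockets(netstat_text):
        if s["port"] in expected_ports:
            report["expected"].append(s)
        elif ipaddress.ip_address(s["host"]).is_loopback:
            report["loopback_only"].append(s)
        else:
            report["investigate"].append(s)
    return report

if __name__ == "__main__":
    for s in triage(SAMPLE, EXPECTED)["investigate"]:
        print(f"unexplained listener {s['host']}:{s['port']} pid={s['pid']}")
```

Each PID in the `investigate` group can then be looked up with `tasklist /FI "PID eq <pid>"` to find the owning executable.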