
Remote Control and Advanced Techniques


vidal

Presentation Transcript


  1. Remote Control and Advanced Techniques

  2. Remote Control Software
     • What do they do?
       • Connect through dial-in and/or TCP/IP.
       • Replicate the remote screen on the local machine (graphical).
       • Allow running graphical or text-based applications on the remote machine, displaying the results on the local machine.
     • A variety of applications, most with a free download as a demo.
       • pcAnywhere is one of the pioneers and very popular.
       • VNC is also very popular because it is cross-platform and free.
     • Discovering and connecting to remote control software
       • Use Nmap or SuperScan to search for ports 22, 799, 800, 1494, 2000, 2001, 5631, 5632, 5800, 5801, 5900, 5901, 43188, 65301.
       • Once the software is identified, download the free demo and try brute force.
     • Major weakness: only the password is encrypted; the traffic is only compressed.
     • Countermeasures: strong password (again), encrypt traffic (SSL, SSN, etc.), limit and log login attempts, change the default listening port. For dial-in use: log the user off when the call completes.

  3. Advanced Techniques
     • Adding to what we have seen before:
       • Trojans: we have seen that BO, NetBus and SubSeven are the most common Trojan/backdoor hacker tools.
       • TCP/IP ports: official, Internet services. Different from protocol ports.
       • Trojan ports: list, more details, and resources.
       • Port listening software: netstat, Active Ports (example), BackOfficer Friendly (example).
       • Checking and removing Trojans: Symantec on-line check (example), Moosoft Cleaner shareware.
       • Weeding out rogue processes: Windows Task Manager, Linux ps -aux.
       • Be aware of traps: Whack-A-Mole (pseudo game), BoSniffer (BO in disguise), eLiTeWrap (packs Trojans as exe). General rule: download, scan for viruses, then execute; do not run directly from the Internet.
     • Rootkits: difficult to detect
       • Keep a record of your files using Tripwire.
       • Create an image of your hard drive: hardware and software solutions (Norton Ghost, Drive Image).
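An added example, not part of the original slides: a defender's audit that parses `netstat -an` output from one's own host and reports listeners on the remote-control ports listed in slide 2, noting whether each is bound beyond loopback. The function names and both sample captures are constructed for illustration.

```python
import re

# Port list copied from the slide; the slide does not say which product uses which port.
REMOTE_CONTROL_PORTS = {22, 799, 800, 1494, 2000, 2001, 5631, 5632,
                        5800, 5801, 5900, 5901, 43188, 65301}
ADDR_PORT = re.compile(r"^(?P<host>.+):(?P<port>\d+)$")

# Constructed sample input, not captured from a real host.
SAMPLE_WINDOWS = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5631           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:49712         10.0.0.9:5900          ESTABLISHED
  UDP    0.0.0.0:5632           *:*
"""
SAMPLE_LINUX = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5901          0.0.0.0:*               LISTEN
tcp6       0      0 :::5800                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

def listening_sockets(netstat_text):
    """Yield (proto, host, port) for each listening TCP or bound UDP socket."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith(("tcp", "udp")):
            continue  # headers, UNIX sockets, blank lines
        proto = fields[0].lower()[:3]
        # TCP rows must be LISTEN (Linux) or LISTENING (Windows); UDP has no state.
        if proto == "tcp" and not fields[-1].upper().startswith("LISTEN"):
            continue
        # Local address is the first addr:port token (Linux prints two counters before it).
        for token in fields[1:]:
            match = ADDR_PORT.match(token)
            if match:
                yield proto, match.group("host"), int(match.group("port"))
                break

def is_loopback(host):
    host = host.strip("[]")
    return host == "::1" or host.startswith("127.")

def audit(netstat_text, allowed=frozenset()):
    """Return sorted (proto, port, host, exposed) findings; `allowed` holds approved (proto, port) pairs."""
    return sorted({(proto, port, host, not is_loopback(host))
                   for proto, host, port in listening_sockets(netstat_text)
                   if port in REMOTE_CONTROL_PORTS and (proto, port) not in allowed})
```

Calling `audit(SAMPLE_LINUX, {("tcp", 22)})` treats SSH as approved and marks the listener on 127.0.0.1:5901 as not exposed, which is the expected result when a remote-control service is reachable only through an encrypted tunnel.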

  4. Other Techniques
     • TCP hijacking
       • Juggernaut: spy on a TCP connection and issue commands as the logged user.
       • Hunt: spy on a TCP connection (works with shared and switched nets).
       • Countermeasures: encrypted protocols such as IPSec, SSH.
     • TFTP: Trivial File Transfer Protocol.
       • Used by routers, and there are free servers for Windows.
       • Standard client in Windows 2000: tftp.exe protected by Windows File Protection so it can't be removed. See use here.
       • Prevent its use by Nimda:
         • Edit the services file: %systemroot%/system32/drivers/etc/services
         • Find this line: tftp 69/udp
         • Replace it with: tftp 0/udp
     • Social Engineering
       • Help desk information: on the Web, e-mail, voice
       • User information: on the Web, e-mail, voice
