How can you find out if a program has a "backdoor". - GoFuckYourself.com

xlogger · 01-17-2005, 10:35 AM

Anyone know? Please help. How do you know if a prgram that you got doesnt have a backdoor.

Some one told me this..."install zonelabs firewall then start the .exe if the firewall says it try to connect to an ip then its backdoored"

Is he rite? or is that bad info.

StuartD · 01-17-2005, 10:37 AM

Depending on the program you're trying to run, but yeah... if you have something that doesn't need the inernet, and you run it and it tries to establish a connection to something.... chances are it's a backdoor into your system

AgentCash · 01-17-2005, 10:37 AM

Depends on what the program is... zonealarm will alert you when any program tries to connect, so even if it's just connecting to check for updates or any number of other things, it will alert you the first time.

xlogger · 01-17-2005, 10:44 AM

Ok i open up this program and its traying to connect to this proxy (or ip) 24.92.32.22

And zonelabs firewall tells me its taying to connect.

SmokeyTheBear · 01-17-2005, 11:08 AM

many times a program will just talk to the internet to find software updates , nothing wrong with that.. But to be sure , i would get a packet sniffer and sniff the packets being sent when you run the program..

xlogger · 01-17-2005, 11:10 AM

No this is a "special" program (and its cracked) i got that some people use. And it has been said it some version have backdoors.

SmokeyTheBear · 01-17-2005, 11:11 AM

Is that paltalk your using ??

xlogger · 01-17-2005, 11:12 AM

Quote:

Originally Posted by SmokeyTheBear

Is that paltalk your using ??

nah its not.

jukeboxfrank · 01-17-2005, 11:14 AM

You may not be able to understand the data packet from the sniffer but you can check out the IP addresses the program is connecting to. Most backdoors will connect to an IRC channel.

SmokeyTheBear · 01-17-2005, 11:17 AM

That ip looks like a personal ip from raodrunner time warner cable .. looks fishy to me.. I did a google on it and it has been used by personal ip's from an isp mainly.. I doubt it is anything legit.

SmokeyTheBear · 01-17-2005, 11:19 AM

Try this tool out http://www.ethereal.com/distribution/win32/

xlogger · 01-17-2005, 11:20 AM

Quote:

Originally Posted by jukeboxfrank

You may not be able to understand the data packet from the sniffer but you can check out the IP addresses the program is connecting to. Most backdoors will connect to an IRC channel.

It seems to connect to one proxy. Which is:

24.92.32.22
http://whois.sc/24.92.32.22
http://www.google.com/search?q=%2224...en-US:official

Edit: i think its a proxy..its in here (search for that ip) http://proxy2004.iespana.es/proxy200...SPLIT(164).TXT

xlogger · 01-17-2005, 11:25 AM

o well fuck it, i will nuke that ip and not use the program.

SmokeyTheBear · 01-17-2005, 11:28 AM

If you read the packet it will tel you what is being sent to that ip.. If it is a proxy , they are just forwarding the packet through the proxy , using the sniffer you can find the intended destination

01-17-2005, 10:35 AM	#1
xlogger Confirmed User Join Date: Jul 2004 Location: NY Posts: 9,507	How can you find out if a program has a "backdoor". Anyone know? Please help. How do you know if a prgram that you got doesnt have a backdoor. Some one told me this..."*install zonelabs firewall then start the .exe if the firewall says it try to connect to an ip then its backdoored*" Is he rite? or is that bad info. __________________ ---------- XLOGGER [REFLECTED] [OH]

01-17-2005, 10:37 AM	#2
StuartD Sofa King Band Join Date: Jul 2002 Location: Outside the box Posts: 29,903	Depending on the program you're trying to run, but yeah... if you have something that doesn't need the inernet, and you run it and it tries to establish a connection to something.... chances are it's a backdoor into your system __________________ This is me on facebook This is me on twitter

01-17-2005, 10:44 AM	#4
xlogger Confirmed User Join Date: Jul 2004 Location: NY Posts: 9,507	Ok i open up this program and its traying to connect to this proxy (or ip) 24.92.32.22 And zonelabs firewall tells me its taying to connect. __________________ ---------- XLOGGER [REFLECTED] [OH]

01-17-2005, 11:08 AM	#5
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	many times a program will just talk to the internet to find software updates , nothing wrong with that.. But to be sure , i would get a packet sniffer and sniff the packets being sent when you run the program.. __________________ hatisblack at yahoo.com

01-17-2005, 11:10 AM	#6
xlogger Confirmed User Join Date: Jul 2004 Location: NY Posts: 9,507	No this is a "special" program (and its cracked) i got that some people use. And it has been said it some version have backdoors. __________________ ---------- XLOGGER [REFLECTED] [OH] Last edited by xlogger; 01-17-2005 at 11:11 AM..

01-17-2005, 10:37 AM	#3
AgentCash Confirmed User Join Date: Feb 2002 Posts: 720	Depends on what the program is... zonealarm will alert you when any program tries to connect, so even if it's just connecting to check for updates or any number of other things, it will alert you the first time.

01-17-2005, 11:11 AM	#7
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	Is that paltalk your using ?? __________________ hatisblack at yahoo.com

01-17-2005, 11:14 AM	#9
jukeboxfrank Confirmed User Join Date: Apr 2004 Location: www.jenniferworthington.com Posts: 1,207	You may not be able to understand the data packet from the sniffer but you can check out the IP addresses the program is connecting to. Most backdoors will connect to an IRC channel. __________________ ICQ= 231-182-592

01-17-2005, 11:17 AM	#10
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	That ip looks like a personal ip from raodrunner time warner cable .. looks fishy to me.. I did a google on it and it has been used by personal ip's from an isp mainly.. I doubt it is anything legit. __________________ hatisblack at yahoo.com

01-17-2005, 11:19 AM	#11
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	Try this tool out http://www.ethereal.com/distribution/win32/ __________________ hatisblack at yahoo.com

01-17-2005, 11:25 AM	#13
xlogger Confirmed User Join Date: Jul 2004 Location: NY Posts: 9,507	o well fuck it, i will nuke that ip and not use the program. __________________ ---------- XLOGGER [REFLECTED] [OH]

01-17-2005, 11:28 AM	#14
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	If you read the packet it will tel you what is being sent to that ip.. If it is a proxy , they are just forwarding the packet through the proxy , using the sniffer you can find the intended destination __________________ hatisblack at yahoo.com