GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   How can you find out if a program has a "backdoor". (https://gfy.com/showthread.php?t=417916)

xlogger 01-17-2005 10:35 AM
How can you find out if a program has a "backdoor".
 
Anyone know? Please help. How do you know if a prgram that you got doesnt have a backdoor.

Some one told me this..."install zonelabs firewall then start the .exe if the firewall says it try to connect to an ip then its backdoored"

Is he rite? or is that bad info.

StuartD 01-17-2005 10:37 AM
Depending on the program you're trying to run, but yeah... if you have something that doesn't need the inernet, and you run it and it tries to establish a connection to something.... chances are it's a backdoor into your system

AgentCash 01-17-2005 10:37 AM
Depends on what the program is... zonealarm will alert you when any program tries to connect, so even if it's just connecting to check for updates or any number of other things, it will alert you the first time.

xlogger 01-17-2005 10:44 AM
Ok i open up this program and its traying to connect to this proxy (or ip) 24.92.32.22

And zonelabs firewall tells me its taying to connect.

SmokeyTheBear 01-17-2005 11:08 AM
many times a program will just talk to the internet to find software updates , nothing wrong with that.. But to be sure , i would get a packet sniffer and sniff the packets being sent when you run the program..

xlogger 01-17-2005 11:10 AM
No this is a "special" program (and its cracked) i got that some people use. And it has been said it some version have backdoors.

SmokeyTheBear 01-17-2005 11:11 AM
Is that paltalk your using ??

xlogger 01-17-2005 11:12 AM
Quote:
Originally Posted by SmokeyTheBear
Is that paltalk your using ??
nah its not.

jukeboxfrank 01-17-2005 11:14 AM
You may not be able to understand the data packet from the sniffer but you can check out the IP addresses the program is connecting to. Most backdoors will connect to an IRC channel.

SmokeyTheBear 01-17-2005 11:17 AM
That ip looks like a personal ip from raodrunner time warner cable .. looks fishy to me.. I did a google on it and it has been used by personal ip's from an isp mainly.. I doubt it is anything legit.

SmokeyTheBear 01-17-2005 11:19 AM
Try this tool out http://www.ethereal.com/distribution/win32/

xlogger 01-17-2005 11:20 AM
Quote:
Originally Posted by jukeboxfrank
You may not be able to understand the data packet from the sniffer but you can check out the IP addresses the program is connecting to. Most backdoors will connect to an IRC channel.
It seems to connect to one proxy. Which is:

24.92.32.22
http://whois.sc/24.92.32.22
http://www.google.com/search?q=%2224...en-US:official

Edit: i think its a proxy..its in here (search for that ip) http://proxy2004.iespana.es/proxy200...SPLIT(164).TXT

xlogger 01-17-2005 11:25 AM
o well fuck it, i will nuke that ip and not use the program.

SmokeyTheBear 01-17-2005 11:28 AM
If you read the packet it will tel you what is being sent to that ip.. If it is a proxy , they are just forwarding the packet through the proxy , using the sniffer you can find the intended destination


All times are GMT -7. The time now is 03:18 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123