Backdoors are often installed by attackers who have compromised a system to ease their subsequent return to the system. We consider the problem of identifying a large class of backdoors, namely those providing interactive access on non-standard ports, by passively monitoring a site's Internet access link. We develop a general algorithm for detecting interactive traffic based on packet size and timing characteristics, and a set of protocol-specific algorithms that look for signatures distinctive to particular protocols. We evaluate the algorithms on large Internet access traces and find that they perform quite well. In addition, some of the algorithms are amenable to prefiltering using a stateless packet filter, which yields a major performance increase at little or no loss of accuracy. However, the success of the algorithms is tempered by the discovery that large sites have many users who routinely access what are in fact benign backdoors, such as servers running on non-standard ports not to hide, but for mundane administrative reasons. Hence, backdoor detection also requires a significant policy component for separating allowable backdoor access from surreptitious access. (source : http://www.icir.org/vern/papers/backdoor/)
If your computer is connected to the internet or another network, it can be very easy for others to see what you are doing on it. PCs connected to the internet or another network send information in order to stay connected, and this becomes a way for outsiders to sniff on your computer. To prevent this, you need a firewall. Windows has its own firewall, but this is not enough; you need a third-party tool.
The software I suggest for protecting your PC:
Zone Alarm Pro
COMODO Internet Security
Armor Firewall
F-Secure Internet Security
Prisma Firewall
4 Net Firewall
ESET Smart Security
PC Tools Firewall
Others
Alternatively, you can close any open ports that you don't need.
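An added example, not part of the original post: a small Python audit that parses Windows `netstat -ano` output and lists network-reachable listening TCP ports that fall outside a site allowlist, which is the starting point for deciding which ports to close. The sample output, the allowlist and the function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2280
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1712
  TCP    192.168.1.20:49812     203.0.113.7:443        ESTABLISHED     3316
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:8022              [::]:0                 LISTENING       2280
"""

# Assumed site policy: ports this host is expected to listen on.
ALLOWED_PORTS = {135, 445}
LOOPBACK = {"127.0.0.1", "::1"}
# Local address, local port, foreign address (ignored), state LISTENING, PID.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            # IPv6 addresses are printed in brackets, e.g. [::]:445
            yield m.group(1).strip("[]"), int(m.group(2)), int(m.group(3))

def unexpected_listeners(netstat_text, allowed=ALLOWED_PORTS):
    """Return sorted (port, pid, address) for listeners outside the policy.

    Loopback-only listeners are skipped because they are not reachable
    from the network; everything else not in `allowed` is reported.
    """
    found = set()
    for addr, port, pid in listeners(netstat_text):
        if addr not in LOOPBACK and port not in allowed:
            found.add((port, pid, addr))
    return sorted(found)

if __name__ == "__main__":
    for port, pid, addr in unexpected_listeners(SAMPLE):
        print(f"unexpected listener on {addr}:{port} (PID {pid})")
```

The reported PID identifies the owning process, so each unexpected port can be traced to a program and either added to the allowlist or shut down.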