Finding out if your backdoored or trojaned
How can you find out if you have IP addresses connected to you?
cmd > netstat brings up all of the connections, but how can I figure out what is normal and what isn't? This is where I'm stuck.
Any help would be great, thank you!
- computathug
- Administrator
- Posts: 2693
- Joined: 29 Mar 2007, 16:00
- 17
- Location: UK
- Contact:
You want to run a packet sniffer on yourself, Wireshark, and monitor the connections and view what is being transmitted. Some of this stuff can be just browser toolbars, IM idling in the background, etc. If you've got Windows, use Process Explorer instead of Taskman; click on Properties to view what is running, TCP/IP, and called DLLs/processes.
Make sure you have a firewall installed on your computer.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Big thanks to you guys. I understand the TCP/IP protocol, as I have learnt that. I'm gonna download some of these tools and actually find out; I view my ports to see what was going on etc. Honestly, thank you very much, will write back with my findings!
Also, I'm running Sygate as my firewall; from my research I figure this one is the best. I know you can't ever be secure, but this helps. Hit me back.
Last edited by re4per on 03 Apr 2009, 05:26, edited 1 time in total.
- computathug
- Administrator
- Posts: 2693
- Joined: 29 Mar 2007, 16:00
- 17
- Location: UK
- Contact:
If you also want to scan your ports to see which are open/closed etc., then download 'nmap' too.
If you need any help with any, just keep posting xD
Before I forget: "don't try and scan suck-o with any scanners"
You have been warned. You will get banned automatically and will have to email b_b to have your IP un-banned.
Thought I'd better let you know before you wonder why you can't get on the site.
-
- Kage
- Posts: 732
- Joined: 31 Mar 2007, 16:00
- 17
- Location: Hidden in a Buffer Protection.
- Contact:
l0ngb1t wrote: Guys, I want to learn more about this stuff, and I don't have a problem doing it manually without any software. I don't care about an easy solution; I just want to understand it more. Any help?

The biggest tip to learn manually is by installing or dual-booting with Linux. You will find Linux has all the tools you will ever need for anything. I recommend Debian because it's pretty damn awesome.
And btw, you can nmap yourself; you can go to nmap's online site:
    http://nmap-online.com/
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Well, you can do it without external software too, for example with the netstat command. To show all connections use:

    netstat -a

and/or

    netstat -an

The -n switch of the latter one will give a numeric output (IP address), the first one the hostname.
To get more info, like what application opened the port, you can use:

    netstat -anb

In Windows you are pretty limited compared to Linux; that's why it's better to use the TCPView application computathug mentioned, you can find it in our downloads. It is much more user-friendly than the netstat command on Windows; the output is much like netstat -tulpn on Linux systems.
Once you have found a suspicious connection you can use a packet sniffer like Wireshark to capture the outgoing packets; this way you can see what data is sent from your system to the target host. But Wireshark is a tool that demands some background knowledge about the TCP/IP protocol family, else it'll be hard to understand what all the displayed data means.
If you are really interested in it I recommend getting "TCP/IP Illustrated" from our downloads; it's a very good e-book, you'll find all the background knowledge you will need in it...
MrRod wrote: Is Debian the same as Ubuntu?

Ubuntu is a computer operating system based on Debian GNU/Linux.
- that's from Wikipedia
http://en.wikipedia.org/wiki/Ubuntu_(operating_system)