We can probably guess what a “backdoor” does from its literal meaning. Technically, though, the software belonging to this class is used to maintain access to a system that has already been infected.
We can distinguish between two main types of backdoor:
- Local: with a normal account on the server, a local backdoor gives us administrator rights.
- Remote: even if we do not have an account on the server, thanks to the remote backdoor we can obtain administrator rights.
Backdoors:
- Modification of the /etc/passwd file
- Adding a new service in /etc/xinetd.d/
- Communication through ICMP
- Modification of the sshd daemon's source code
- Rootkit (kernel module)
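
For the first two items in the list, a defender can audit the files directly. The following is an added example, not part of the original post: it applies two standard `/etc/passwd` checks (UID 0 accounts other than root, empty password fields) and compares enabled xinetd services against a known-good baseline. The function names, the baseline set and the sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample data (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
support:x:0:0::/home/support:/bin/bash
backup::34:34:backup:/var/backups:/bin/sh
"""
SAMPLE_XINETD = """\
service time
{
    disable     = yes
    type        = INTERNAL
    user        = root
}
service maint
{
    type        = UNLISTED
    port        = 31000
    user        = root
    server      = /usr/local/sbin/maintd
}
"""

def audit_passwd(text):
    """Flag UID 0 accounts other than root and empty password fields."""
    findings = []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 7:
            continue  # blank, comment or malformed line
        name, pw, uid = f[0], f[1], f[2]
        if uid.isdigit() and int(uid) == 0 and name != "root":
            findings.append((name, "UID 0 account other than root"))
        if pw == "":
            findings.append((name, "empty password field"))
    return findings

def audit_xinetd(text, baseline):
    """Return (service, user, server) for enabled services not in baseline."""
    findings = []
    for name, body in re.findall(r"service\s+(\S+)\s*\{([^}]*)\}", text):
        attrs = {}
        for line in body.splitlines():
            key, sep, value = line.split("#", 1)[0].partition("=")
            if sep:
                attrs[key.strip(" \t+-")] = value.strip()
        if attrs.get("disable", "no").lower() != "yes" and name not in baseline:
            findings.append((name, attrs.get("user", "?"), attrs.get("server", "?")))
    return findings
```

On a real host, pass the contents of `/etc/passwd` and of each file under `/etc/xinetd.d/` to these functions, with the baseline taken from a trusted build of the system.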