What’s Back Door And How Does It Work ?

        What’s Back Door And How Does It Work ?

Back Door

A back door is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack. For example, Nimda gained entrance through a back door left by Code Red.

Whether installed as an administrative tool or a means of attack, a back door is a security risk, because there are always crackers out there looking for any vulnerability to exploit. In her article “Who gets your trust?” security consultant Carole Fennelly uses an analogy to illustrate the situation: “Think of approaching a building with an elaborate security system that does bio scans, background checks, the works. Someone who doesn’t have time to go through all that might just rig up a back exit so they can step out for a smoke — and then hope no one finds out about it.”

How they work ?

Direct connection:

Backdoors are usually based on a client-server network communication,where the server is the attacked machine,

and the client is the attacker.It is a kind of standard. This is called direct connection,when the client directly connects to the server.  The server application is installed on the computer you want to control and is hidden from the victim.

When the server application is runned,it will start listening for incoming connections from the client. Attackers use the client application is different from the server,as it has a GUI (graphic user interface) that allows the attacker to connect to the server remotely,by specifying the IP address of the server computer and the port number (1-65535) on which the server application is listening. If the connection is successfull,the client can now retreave information about the server and send commands to it. The server recognizes the commands,and executes a part of code for each commands.

For example,when you send a command “cdopen”,the server will open the CD-ROM door. If the connection attempt failed,the server isn’t running on the remote machine,or a firewall/router is blocking the access to the port used by the server.

Reverse connection:

This kind of connection between the server and the client became popular when routers became popular too. The main advantage is that the server (or multiple servers) connect to a single client,bypassing routers. Secondly,the client can send a single command to multiple servers that are connected (broadcasting). Data exchange is same as in the direct communication.