Common Backdoors Hackers Use to Access Networks
Hackers use a number of methods for accessing a network, and a backdoor is one of the methods they use to compromise network security. A backdoor not only allows the hacker to access the network, it also provides them with the means to return and enter the system.
Backdoors present a lot of complex issues for system administrators because they have to understand the methods that hackers use before they can determine how difficult it will be to block their access. In addition, some of the backdoors that hackers use are often designed to go undetected by the system administrator, which makes the problem more complex.
There are a few different backdoor utilities that allow a hacker to access a network and to keep returning through the same exploit. Even when the administrator changes the password after an attack has been detected, backdoors can be programmed to provide the hacker with repeat access to the network. They accomplish this through machines on the network that are not used very often. The backdoor avoids logging by the system administrator, so it appears that no one is online while the hacker continues to use the machine.
Another backdoor utility provides a way for the hacker to return to the network within a short amount of time. This saves the hacker the effort of locating a hole that they can exploit in order to gain access. If the hacker believes the system administrator has detected access, then they will opt to locate a vulnerability to avoid being detected.
This is the most common type of backdoor a hacker will use to breach network security and the machines that are connected to the network. Basically, a password cracker locates the accounts that have a weak password. These are accounts that are either unused or used infrequently, and the hacker creates an access point by changing the password. When the system administrator searches for the fragile accounts, the ones that have had their passwords changed will not appear.
A UNIX network system uses shared libraries to reuse frequently used routines in an effort to reduce the size of programs. Hackers will plant a backdoor in these routines that accepts a backdoor password. When the system administrator checks the login program, the library is overlooked as a source of backdoor passwords.
The bootblock section of a network is a common place for viruses to go undetected. This is because administrators do not have software that periodically checks the bootblock. Hackers exploit this by hiding backdoors inside the bootblock.
Hackers use timestamps to replace binary files with a trojan without being detected. They accomplish this by recreating the timestamp that is on the binary file and placing it on the trojan file. The clock is set back to the time on the binary file, and then the time on the trojan file is adjusted to the system clock to reflect the same exact time as the original file. Once the time is the same, the system clock is set back to the current time. A program known as a checksum scans binary files to determine whether a file has been altered. The alteration goes unnoticed due to the time change.
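
A defender's check for the timestamp technique described above, added here as an example and not part of the original article: it compares a SHA-256 hash of each binary against a stored baseline, so a replaced file is reported even when its modification time matches the original. The function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (sha256 hex digest, mtime in ns, size) for one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return digest.hexdigest(), st.st_mtime_ns, st.st_size

def snapshot(paths):
    """Record a baseline; keep it offline or on read-only media."""
    return {p: fingerprint(p) for p in paths}

def audit(baseline, paths):
    """Compare current files to the baseline, keyed on content hash."""
    findings = []
    for p in paths:
        if not os.path.exists(p):
            findings.append((p, "missing"))
            continue
        old_hash, old_mtime, _ = baseline[p]
        new_hash, new_mtime, _ = fingerprint(p)
        if new_hash == old_hash:
            continue
        # Content changed: an unchanged mtime means the timestamp was restored.
        kind = "modified, mtime preserved" if new_mtime == old_mtime else "modified"
        findings.append((p, kind))
    return findings

def demo():
    """Constructed sample: two stand-in files in a temp dir, one replaced."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("login", "ls")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"original " + p.encode())
        base = snapshot(paths)
        st = os.stat(paths[0])
        with open(paths[0], "wb") as fh:
            fh.write(b"replaced contents")
        os.utime(paths[0], ns=(st.st_atime_ns, st.st_mtime_ns))  # old times copied back
        return [(os.path.basename(p), k) for p, k in audit(base, paths)]
```

The check is only as trustworthy as the baseline and the tool itself, so both belong somewhere the monitored machine cannot write to.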