Blocking agents can keep hacker utilities at bay






BackOfficer Friendly freeware, top, lists sites from which break-in attempts were made against the system running the app. Nuke Nabber freeware monitors up to 50 ports for suspicious activity.



Intranet-connected firewalls, free downloadable apps police computer ports and e-mail attachments

By Roland Grefer

Special to GCN

Prominent government Web sites and networks are not the only targets for hackers these days. Almost any computer running Microsoft Windows that has a persistent Internet connection is vulnerable.

Intruders equipped with remote-control utilities such as Back Orifice are constantly prowling to find permanent PC connections, such as cable modems, from which to launch attacks on other systems.

Many government users might not want to pay for a full-blown firewall to protect their home systems, but there are a couple of free utilities they can install. Taking the next step, they can consider personal firewalls for intranet-connected systems at work to guard against insider attacks.

BackOfficer Friendly, an unobtrusive and free burglar alarm for permanent Internet connections, is downloadable from Network Flight Recorder Inc. of Washington, at www.nfr.com/products/bof/.

Another free utility called Nuke Nabber intercepts some common break-in attempts. Preconfigured to monitor up to 50 commonly exploited computer ports, it is downloadable from www.dynamsol.com/puppet/nukenabber.html.
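The port-alarm idea behind both utilities can be sketched as follows. This is an added example, not code from BackOfficer Friendly, Nuke Nabber or the article: it binds decoy listeners on otherwise unused ports and records the source address of every connection attempt. The names `PortAlarm` and `self_check` are hypothetical, the port list is supplied by the caller, and the demo stays on the loopback interface with OS-assigned ports.

```python
import selectors
import socket
import time

MAX_PORTS = 50  # cap borrowed from the article's Nuke Nabber figure

class PortAlarm:
    """Decoy TCP listeners that record who connects (hypothetical helper)."""
    def __init__(self, ports, host="127.0.0.1"):
        if len(ports) > MAX_PORTS:
            raise ValueError(f"at most {MAX_PORTS} ports")
        self.sel = selectors.DefaultSelector()
        self.bound, self.skipped, self.events = [], [], []
        for port in ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            try:
                s.bind((host, port))
                s.listen(5)
            except OSError:  # a real service already owns this port
                s.close()
                self.skipped.append(port)
                continue
            s.setblocking(False)
            self.sel.register(s, selectors.EVENT_READ)
            self.bound.append(s.getsockname()[1])

    def poll(self, timeout=1.0):
        """Accept pending connections, log the peer, close without replying."""
        seen = len(self.events)
        for key, _ in self.sel.select(timeout):
            try:
                conn, (ip, rport) = key.fileobj.accept()
            except OSError:  # peer vanished between select() and accept()
                continue
            conn.close()
            self.events.append((time.time(), key.fileobj.getsockname()[1], ip, rport))
        return self.events[seen:]

    def close(self):
        for key in list(self.sel.get_map().values()):
            key.fileobj.close()
        self.sel.close()

def self_check():
    alarm = PortAlarm([0, 0])  # constructed demo: OS-assigned loopback ports
    probe = socket.create_connection(("127.0.0.1", alarm.bound[0]), timeout=2)
    hits = alarm.poll(2.0)
    probe.close()
    alarm.close()
    return alarm.bound[0], hits
```

Each entry in `events` is a tuple of timestamp, local port, remote address and remote port; ports that a real service already holds are listed in `skipped` rather than stolen from it.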

Although free utilities cannot provide comprehensive protection, they are a lot better than nothing.

Users ready to take the next step should look at commercial personal firewall products such as @guard, from www.atguard.com, and ConSeal PC Firewall, at www.signal9.com.


Up-to-date versions of most virus scanners, including those from Network Associates Inc. of Santa Clara, Calif., also can detect Back Orifice.


Piggyback parasite


A popular way to introduce Back Orifice surreptitiously is to embed it inside an executable e-mail attachment such as a screen saver or shareware program.

The camouflaged Back Orifice hooks itself into the target system and listens for requests for its services. Any cracker or hacker running a Back Orifice counterpart can take almost complete control of the affected system.

Last month's open-source release of Back Orifice 2000 at the DefCon hackers convention in Las Vegas has made the utility's presence exponentially more difficult to detect, because any qualified programmer can introduce modifications.

Visit the Web sites at ntbugtraq.ntadvice.com/default.asp?sid=1&pid=47&aid=45 and www.bo2k.com.

A recent security alert from Internet Security Systems Inc. of Atlanta identified other backdoors for Windows systems: DeepThroat, NetSphere, GateCrasher, Portal of Doom, GirlFriend, Hack'a'Tack, EvilFTP, phAse Zero, ExploreZip.worm and SubSeven.

Backdoors usually cause unexpected system behavior, such as applications running without having been started by the user, or the CD-ROM drive opening and closing for no reason.

A user opening e-mail in Microsoft Outlook might be surprised to see the PC suddenly access an unknown Web site and start executing an Active Server Page.

Netscape Communicator 4.x browsers can be configured to disable JavaScript for Mail and News in the Preferences menu. Outlook Express, however, as part of Microsoft Internet Explorer 5.0, cannot be configured to use settings that are different from the browser settings.

Even when Explorer 5 is set to the high security zone settings, it still defaults to allowing execution of trusted ActiveX scripts. To override this default, users can customize the security zone settings in the Options menu to either Prompt or Disable.

Roland Grefer is a Labor Department contractor for Base Technologies Inc. of McLean, Va., and an alumnus of the SANS Institute of Bethesda, Md.
