Close the Backdoors Please
What is a backdoor?
A backdoor is a secret way into a network, application or system that bypasses its normal authentication and access controls.
Why is it risky?
A backdoor can be inserted by a vendor for remote support or by a cyber actor for unauthorized system access. Backdoors present significant risks to enterprises because potentially anyone who knows about one, or finds it, could abuse it without being easily detected.
Close the backdoors please
The following entries are published in the public domain and are listed with source, timeline, subject and reference link.
[Zdziarski] 2014 July
Apple iOS Backdoors
http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms.pdf
[Project Replicant] 2014 March
Samsung Galaxy Security Alert: Android Backdoor Discovered
http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor
http://www.darkreading.com/mobile-security/samsung-galaxy-security-alert-android-backdoor-discovered/d/d-id/1127675
[eset] 2014 March
25,000 Unix Backdoors - Operation Windigo
http://www.eset.com/int/about/press/articles/article/operation-windigo-largest-server-botnet-uncovered/
[Der Spiegel] 2013 Dec
Spy catalog
http://www.spiegel.de/international/world/a-941262.html
http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html
[Emsisoft] since the 2000s
Documented ports associated with various backdoors
Use Nmap (Network Mapper) and other tools to check that only allowed ports are reachable from the public Internet. Know which ports are open on web servers and which IPs are visible on the Internet. Ideally, an organization will deny all traffic by default and only allow specific ports and applications to and from its servers.
Port 666: doom Id Software (TCP/UDP), Attack FTP, Satanz Backdoor (TCP)
Port 1003: BackDoor 2.0x (TCP)
Port 1243: BackDoor-G, SubSeven, Sub7(*), SubSeven Apocalypse, Tiles (TCP)
Port 1999: cisco identification port (TCP/UDP), BackDoor, BackDoor 1.00-1.03, BackDoor 2.x, TransScout 1.x (TCP)
Port 2773: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 4245: Rux.Backdoor (TCP)
Port 5598: BackDoor 2.03 (TCP)
Port 5698: BackDoor.203 (TCP)
Port 6711: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 6712: BackDoor-G, SubSeven, Sub7(*), Funny Trojan (TCP)
Port 6713: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 6776: 2000 Cracks, BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 7000: Active Worlds (7000-7100) (TCP), BackDoor-G, SubSeven, Sub7(*), Remote Grab, Kazimas (TCP)
Port 7215: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 9876: Cyber Attacker, Rux.Backdoor (TCP)
Port 27374: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 32764: Linksys router backdoor
Port 54283: BackDoor-G, SubSeven, Sub7(*) (TCP)
[SANS] 2000s
Default ports used by some known trojan horses:
port 80 AckCmd, Back End, CGI Backdoor, Executor, Hooker, RingZero
port 514 RPC Backdoor
port 1243 BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles
port 6711 BackDoor-G, SubSeven, VP Killer
port 6776 2000 Cracks, BackDoor-G, SubSeven, VP Killer
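The check described above (scan with Nmap, then confirm only allowed ports are exposed) can be automated by comparing a scan against a per-host allowlist and cross-referencing the port lists on this page. The following is an added example, not code from Emsisoft, SANS or Nmap: it parses Nmap's grepable (-oG) output, reports every open port that is not on the assumed allowlist, and marks ports that this page associates with known backdoors. The scan output and the allowlist are constructed samples.

```python
import re

# Ports this page associates with known backdoors/trojans (Emsisoft and SANS lists above).
KNOWN_BACKDOOR_PORTS = {
    80, 514, 666, 1003, 1243, 1999, 2773, 4245, 5598, 5698, 6711, 6712,
    6713, 6776, 7000, 7215, 9876, 27374, 32764, 54283,
}

HOST_RE = re.compile(r"Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*?)(?:\s+Ignored State:.*)?$")
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(\w+)/")  # port/state/protocol/ fields of -oG output

def parse_grepable(line):
    """Parse one nmap -oG 'Host:' line into (host, [(port, state, proto), ...])."""
    m = HOST_RE.match(line)
    if not m:
        return None
    host, ports_field = m.group(1), m.group(2)
    return host, [(int(p), st, pr) for p, st, pr in PORT_RE.findall(ports_field)]

def audit(scan_output, allowlist):
    """Return (host, port, proto, known_backdoor_port) for every open port that is not
    on that host's allowlist. Deny by default: a host absent from the allowlist has
    nothing allowed, so all of its open ports are reported."""
    findings = []
    for line in scan_output.splitlines():
        parsed = parse_grepable(line)
        if parsed is None:
            continue
        host, ports = parsed
        for port, state, proto in ports:
            if state == "open" and port not in allowlist.get(host, set()):
                findings.append((host, port, proto, port in KNOWN_BACKDOOR_PORTS))
    return findings

# Constructed sample of nmap -oG output (not a real scan); addresses are documentation ranges.
SAMPLE_SCAN = """# Nmap grepable output (constructed sample)
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 8080/open/tcp//http-proxy///, 27374/open/tcp//subseven///\tIgnored State: closed (996)
Host: 192.0.2.11 (gw.example.test)\tPorts: 443/open/tcp//https///, 32764/open/tcp/////\tIgnored State: filtered (998)
Host: 192.0.2.12 ()\tPorts: 25/filtered/tcp//smtp///\tIgnored State: closed (999)
"""

# Assumed per-host allowlist: the only ports each server is meant to expose.
ALLOWLIST = {"192.0.2.10": {22, 80}, "192.0.2.11": {443}}

if __name__ == "__main__":
    for host, port, proto, known in audit(SAMPLE_SCAN, ALLOWLIST):
        note = " (port associated with known backdoors)" if known else ""
        print(f"{host}: unexpected open {port}/{proto}{note}")
```

Run a real scan with `nmap -oG scan.txt <your hosts>` and feed the file contents to `audit()` with your own allowlist; an unexpected port on the known list deserves the fastest follow-up, but any unexpected open port contradicts the deny-all policy.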