Tunneling Implementations for Secured Flow of Data

 

Rachit Kr. Rastogi

Department of Computer Engg., College of Technology,

Govind Ballabh Pant University of Agriculture & Technology,

Pantnagar, Uttaranchal, INDIA - 263145

 

Abstract

Tunneling collectively refers to the techniques and algorithms for tracing the code attached to a particular interrupt back to the original DOS/BIOS handler. This can in turn be used to bypass every memory-resident program, including viruses, that has trapped the interrupt (generally INT 21h or INT 13h). Through recursive tunneling the target interrupts are analysed to find their original entry points; once these points have been tunneled, the infection mechanism of more than 95% of such viruses is deactivated. The term is also used in networking: an SSH connection provides a secure, telnet-like terminal emulator window, and other traffic (communication protocols) can be piggybacked over that secure connection; this is an SSH tunnel. Conversely, a tunneling virus attempts to bypass activity-monitoring anti-virus programs by following the interrupt chain back down to the basic DOS or BIOS interrupt handlers and installing itself there. In virus trapping, the first step is to set the trap flag so that the processor executes step by step; the interrupt is then called without being allowed to run, so that the code attached to the called interrupt can be inspected at each step and, if it is found to be malicious, cleared before it activates. Finally, if the virus writer knows all of this in advance (including the tunneling procedures) and is able to change the state of the trap flag, the best way to stop the devastator is to save the state of every flag at the execution of every step, so that invalid jumps to the default address can be avoided. Tunneling can therefore be combined with many other facilities, such as heuristic virus scanners, Secure Sockets Layer applications and network traffic control, by bypassing the default code attached to a particular interrupt, which turns an infected system back into a clean, error-free system.
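As an added illustration of the code-tracing form of tunneling described above (example code, not code from the paper), the following C program models a 1 MiB real-mode memory, an interrupt vector table, a constructed "BIOS" INT 13h handler at F000:1000 and three constructed TSR hooks at segments 1234h, 2345h and 3456h that chain to the previous handler in the usual ways (JMP FAR immediate, JMP FAR CS:[saved vector], PUSHF + CALL FAR CS:[saved vector]). The tunnel() routine decodes each hook's code byte by byte, steps over the benign instructions it recognises and follows every far transfer until it reaches the original segment; the address it recovers is the point a scanner (or a tunneling virus) would call directly to bypass all the hooks. The opcode subset, the F000h segment threshold, the hook segments and the saved-vector location 0100h are assumptions for the demonstration. The trap-flag single-step method the abstract describes is not modelled; where the static trace meets a vector it cannot resolve (a hook that reads its saved vector through DS with no CS override), tunnel() reports failure, which is exactly the case that would need single-stepping.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of real-mode memory (1 MiB, linear = seg*16 + off); not a real machine. */
static uint8_t mem[1u << 20];
static uint32_t lin(uint16_t seg, uint16_t off) { return ((uint32_t)seg << 4) + off; }
static uint16_t rd16(uint32_t a) { return (uint16_t)(mem[a] | (mem[a + 1] << 8)); }
static void wr16(uint32_t a, uint16_t v) { mem[a] = (uint8_t)v; mem[a + 1] = (uint8_t)(v >> 8); }

struct farptr { uint16_t seg, off; };

/* IVT entry n is at 0000:n*4, offset word first, then segment word. */
static struct farptr get_vector(uint8_t n) { struct farptr p = { rd16(n * 4u + 2), rd16(n * 4u) }; return p; }
static void set_vector(uint8_t n, uint16_t seg, uint16_t off) { wr16(n * 4u, off); wr16(n * 4u + 2, seg); }

/* Assumption: the genuine handler lives in ROM BIOS segment F000h; anything below it is a hook. */
static int is_original(uint16_t seg) { return seg >= 0xF000; }

/* Decode the instruction at cs:*ip. Returns 1 if it transfers control far (target in *dst),
 * 0 if it is a benign instruction the tracer steps over (*ip advanced), -1 if the static trace
 * cannot continue (IRET, data, unmodelled opcode, or a vector read via DS). */
static int step(uint16_t cs, uint16_t *ip, struct farptr *dst) {
    uint32_t a = lin(cs, *ip);
    int cs_override = 0;
    uint8_t op = mem[a];
    if (op == 0x2E) { cs_override = 1; op = mem[++a]; }                /* CS: segment prefix */
    if (op == 0xEA || op == 0x9A) {                                     /* JMP/CALL FAR ptr16:16 */
        dst->off = rd16(a + 1); dst->seg = rd16(a + 3); return 1;
    }
    if (op == 0xFF) {                                                   /* FF /5 JMP FAR m16:16, FF /3 CALL FAR m16:16 */
        uint8_t modrm = mem[a + 1];
        if ((modrm != 0x2E && modrm != 0x1E) || !cs_override) return -1; /* only CS:[disp16] is modelled */
        uint32_t v = lin(cs, rd16(a + 2));
        dst->off = rd16(v); dst->seg = rd16(v + 2); return 1;
    }
    if (cs_override) return -1;
    if ((op >= 0x50 && op <= 0x5F) || op == 0x90 || op == 0x9C || op == 0x9D ||
        op == 0xFA || op == 0xFB || op == 0xFC) { *ip += 1; return 0; }  /* push/pop/nop/pushf/popf/cli/sti/cld */
    if (op == 0x80 && mem[a + 1] == 0xFC) { *ip += 3; return 0; }      /* cmp ah, imm8 */
    if (op == 0x74 || op == 0x75) { *ip += 2; return 0; }              /* jcc rel8: follow the fall-through path */
    if (op == 0xEB) { *ip = (uint16_t)(*ip + 2 + (int8_t)mem[a + 1]); return 0; } /* jmp short rel8 */
    return -1;
}

/* Follow the INT n chain from the IVT through each hook's code until a handler in the original
 * segment is reached. Returns 1 with *orig set, or 0 if the static trace breaks. */
static int tunnel(uint8_t n, struct farptr *orig, int *hops) {
    struct farptr cur = get_vector(n);
    for (*hops = 0; !is_original(cur.seg); ++*hops) {
        uint16_t ip = cur.off;
        struct farptr next;
        int r, guard = 0;
        do { r = step(cur.seg, &ip, &next); } while (r == 0 && ++guard < 64);
        if (r != 1 || *hops >= 16) return 0;
        cur = next;
    }
    *orig = cur;
    return 1;
}

/* Constructed TSR hook at seg:0000: save the current INT 13h vector, test AH, chain to the old handler.
 * style 0: JMP FAR imm; 1: JMP FAR CS:[0100h]; 2: PUSHF + CALL FAR CS:[0100h] + IRET; 3: JMP FAR [0100h] via DS. */
static void install_hook(uint16_t seg, int style) {
    struct farptr old = get_vector(0x13);
    uint8_t code[32];
    size_t n = 0, je_at;
    code[n++] = 0x50;                                                   /* push ax           */
    code[n++] = 0x80; code[n++] = 0xFC; code[n++] = 0x02;               /* cmp ah, 02h       */
    code[n++] = 0x74; je_at = n++;                                      /* je infect (patched below) */
    code[n++] = 0x58;                                                   /* pop ax            */
    switch (style) {
    case 0:  code[n++] = 0xEA; code[n++] = (uint8_t)old.off; code[n++] = (uint8_t)(old.off >> 8);
             code[n++] = (uint8_t)old.seg; code[n++] = (uint8_t)(old.seg >> 8); break;
    case 1:  code[n++] = 0x2E; code[n++] = 0xFF; code[n++] = 0x2E; code[n++] = 0x00; code[n++] = 0x01; break;
    case 2:  code[n++] = 0x9C; code[n++] = 0x2E; code[n++] = 0xFF; code[n++] = 0x1E;
             code[n++] = 0x00; code[n++] = 0x01; code[n++] = 0xCF; break;
    default: code[n++] = 0xFF; code[n++] = 0x2E; code[n++] = 0x00; code[n++] = 0x01; break;
    }
    code[je_at] = (uint8_t)(n - (je_at + 1));                           /* infect stub follows the chain code */
    code[n++] = 0xCF;                                                   /* constructed infection path: iret  */
    memcpy(mem + lin(seg, 0), code, n);
    wr16(lin(seg, 0x0100), old.off); wr16(lin(seg, 0x0102), old.seg);  /* saved vector for styles 1, 2, 3 */
    set_vector(0x13, seg, 0);
}

static void build_sample_memory(int last_hook_style) {
    memset(mem, 0, sizeof mem);
    mem[lin(0xF000, 0x1000)] = 0xCF;           /* constructed "BIOS" INT 13h: just iret */
    set_vector(0x13, 0xF000, 0x1000);
    install_hook(0x1234, 0);                    /* oldest TSR, closest to the BIOS       */
    install_hook(0x2345, 1);
    install_hook(0x3456, last_hook_style);      /* most recent TSR, first in the chain   */
}

/* Build the chain and tunnel INT 13h; returns the hop count, or -1 if the trace fails. */
static int probe(int last_hook_style) {
    struct farptr orig; int hops;
    build_sample_memory(last_hook_style);
    return tunnel(0x13, &orig, &hops) ? hops : -1;
}
/* Same, returning the recovered original handler packed as seg<<16 | off (0 on failure). */
static uint32_t probe_original(int last_hook_style) {
    struct farptr orig; int hops;
    build_sample_memory(last_hook_style);
    return tunnel(0x13, &orig, &hops) ? ((uint32_t)orig.seg << 16 | orig.off) : 0;
}

int main(void) {
    int hops = probe(2);
    uint32_t o = probe_original(2);
    printf("INT 13h: %d hook(s) bypassed, original handler at %04X:%04X\n", hops, o >> 16, o & 0xFFFF);
    printf("INT 13h with DS-relative vector: %s\n", probe(3) < 0 ? "static trace fails, single-step needed" : "resolved");
    return 0;
}
```

Real tunnelers add more opcodes and heuristics (recognising the PUSHF/CALL FAR pair as an emulated INT, scanning data areas for a plausible saved far pointer) and fall back to the trap-flag single-step method when the static trace stalls; the threshold used here to decide that a segment is "original" is only a stand-in for checking that CS has reached the DOS or BIOS code area.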
