Week IV

Labs Covered: Identifying Windows 2000 Vulnerabilities NetBus Malicious Code Management and Hoaxes Lab Selected: NetBus Title: NetBus Explanation: NetBus is actually one of the older backdoor programs. Backdoor is any method or program used by an attacker to gain access to a computer at a later time, after initially gaining access. Therefore, NetBus is a program used to control a machine remotely. There are two portions inside NetBus. One is the server portion, called Patch.exe. Once it installed, it listens on port 12345 for incoming signals. Second is the client portion, called NetBus.exe. The client has simple GUI interface that allows the attacker to perform almost any task on the infected machine. Tools: NetBus software Procedure: Once you see the NetBus main console window, you can click scan to scan or listed all the IP address in the range entered. Next, type the IP address selected on the Host name/IP text box on the main console. Do not forget to connect the address by clicking �Connect!�. After the connection has been established, you can freely control the machine with that particular IP address. For example, you can shut the machine down, open CD-ROM or disable its� keyboard. NetBus main console window Reflection: It was the most fun lab to perform as people have opportunities to control other machines. They were shutting other machines and sending text messages over several PCs. Behind these fun activities, I think we should realize that how easily hackers can control our system once they can have our IP address. Once they are able to establish the connection, they could easily manipulate our system. Therefore, people should learn how to protect their machine by minimizing all the possible holes that can be used by hackers to implant backdoor in order to control the compromised machine in the future.