PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Analysis

4. Check for leaks

Posted on 12 May 2008 at 15:03

One clever way in which a Trojan might hoodwink your firewall is by changing its name to that of one of your trusted applications, so as to gain outbound data communication privileges. A leaktest mimics this behaviour. A whole host of them, along with reams of documentation about the problem, can be found at the Firewall Leak Tester website (www.firewallleaktester.com), as recommended to us by Skyler King, group manager of research and development at ZoneAlarm developers Check Point.

Other recommended leaktesters include Steve Gibson's at GRC (www.grc.com/lt/leaktest.htm), which kickstarted the whole genre, and the PC Flank Leaktest (www.pcflank.com/pcflankleaktest.htm). Both make an outbound TCP connection from your PC to a remote web server on port 80. Your firewall should prevent this most trivial application-masquerading bypass. To test whether it allows any program with the same name as a trusted application to gain outbound access, simply rename the leaktester (leaktest.exe in the case of GRC Leaktest) to whatever the trusted application is called. If it's allowed to access the remote server then a Trojan could easily do likewise.
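The sketch below is an added example, not code from the article or from any firewall vendor. It shows why a rule keyed on file name alone passes a renamed program, while a rule keyed on a hash of the file's contents does not. The file names, contents and function names are constructed for illustration, and hash matching is assumed here as one way a firewall can tie a rule to the program itself.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def allowed_by_name(path, trusted_names):
    """Weak rule: trust any program whose file name is on the list."""
    return os.path.basename(path).lower() in trusted_names


def allowed_by_identity(path, trusted_hashes):
    """Stronger rule: trust a program only if its content hash is known."""
    return sha256_of(path) in trusted_hashes


def run_demo():
    """Compare both rules on a constructed trusted program and a same-named stand-in."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        genuine = os.path.join(root, "apps", "browser.exe")
        renamed = os.path.join(root, "downloads", "browser.exe")
        # Constructed sample files: same name, different contents.
        for path, content in ((genuine, b"constructed trusted program"),
                              (renamed, b"constructed leaktest stand-in")):
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as handle:
                handle.write(content)

        trusted_names = {"browser.exe"}
        trusted_hashes = {sha256_of(genuine)}
        for label, path in (("genuine", genuine), ("renamed", renamed)):
            results[label] = (allowed_by_name(path, trusted_names),
                              allowed_by_identity(path, trusted_hashes))
    return results


if __name__ == "__main__":
    for label, (by_name, by_identity) in run_demo().items():
        print(f"{label}: name rule allows={by_name}, hash rule allows={by_identity}")
```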

5. Send in the processor probes

Hack it yourself

Author: Davey Winder
