What Is A Reverse Http Backdoor And How Can It Hurt You?

When you are dealing with networked computers you will always find something that amazes you. Because networking can be the most complicated part of any computer system, you will be surprised at how many things attackers can do to it. Every day security researchers find new attacks that were once thought impossible. So the key is to never assume that your network can be defended against every attack. No matter what kind of security system you put on your machine, you must be prepared to actively defend it.


Open ports

The reason it seems so hard to defend a computer network against outside attacks is that you always have to keep some ports open. These ports are open so that the computers inside the network can contact the outside world. Without open ports, the networked computers would be limited to talking among themselves, and even then each computer would need an open port to do that. Several ports are always kept open because of the type of traffic expected to go through them. While that traffic might be monitored on some networks, these ports are still left open out of tradition. One port that is usually left open is port 80, the port traditionally used for ordinary web traffic. Another is port 443, the port where SSL traffic is usually found.

This open port 443 has proven to be a problem in recent months. The SSL port must be left open because, for SSL to work, the connection has to run end to end from one open port to the other, with no interception or middle man; that is how the whole connection is kept secure. Some black hat hackers found a way to use this supposedly secure connection to transmit a different protocol than it was meant to carry. Because the connection has to stay connected the whole time for it to work, you cannot place a middle man inside it to intercept the traffic and check that it is the proper protocol. That is what made the attack so clever. This was the type of attack used against Google and a couple of other high profile companies when they were hacked.

This protocol allows the attacker to send commands to the compromised computer and across the entire network. The one weakness in the original exploit protocol was that the initial header it sent to wake up the backdoor was a custom protocol header. This means that if someone monitoring the network saw that particular signature, they could easily shut it down. So the creators of this attack got even sneakier and created a header that mimicked the normal SSL traffic that would come over the network. Once they had the connection, they could proceed to take over the network.

The cure

For most companies, the IDS you have will be able to detect this type of attack happening on your network. Since the attack is now known to the security community, there is more awareness and people have figured out how to stop it. It is not the gigantic disaster that people once thought it would be. The main problem with an attack like this is that it created a gigantic backdoor into the system that nobody would notice. Now that most popular intrusion detection systems know about the attack, there is less that you as the system administrator have to worry about.
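The detection point the post makes, that a backdoor tunnelled over the SSL port gives itself away when its opening header does not look like real SSL, can be turned into a simple monitoring check. The following is an added example, not code from the original post: it classifies the first bytes a client sends on a connection to port 443 as a genuine TLS ClientHello, unencrypted HTTP, or something suspicious that deserves review. The sample connections and their payloads are constructed for illustration.

```python
# Added example (not from the original post): a minimal heuristic that checks
# whether the first bytes of a connection to port 443 actually look like the
# start of a TLS handshake, so that non-TLS traffic tunnelled over the "SSL port"
# can be flagged for review. Sample payloads below are constructed.

TLS_RECORD_HANDSHAKE = 0x16          # TLS record type for handshake messages
TLS_HANDSHAKE_CLIENT_HELLO = 0x01    # first handshake message a client sends
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")


def classify_first_bytes(payload: bytes) -> str:
    """Classify the opening bytes of a client->server connection.

    Returns "tls-client-hello", "plaintext-http" or "suspicious".
    A real TLS session starts with a handshake record (type 0x16) whose
    record-layer version is 3.x and whose first message is a ClientHello.
    Anything else arriving on port 443 is worth a closer look.
    """
    if (len(payload) >= 6 and payload[0] == TLS_RECORD_HANDSHAKE
            and payload[1] == 0x03 and payload[2] <= 0x04):
        record_len = int.from_bytes(payload[3:5], "big")
        if payload[5] == TLS_HANDSHAKE_CLIENT_HELLO and record_len > 0:
            return "tls-client-hello"
    if payload.startswith(HTTP_METHODS):
        return "plaintext-http"
    return "suspicious"


def flag_connections(connections):
    """Return (client, verdict) for every connection whose first bytes are not TLS."""
    verdicts = [(src, classify_first_bytes(data)) for src, data in connections]
    return [(src, v) for src, v in verdicts if v != "tls-client-hello"]


# Constructed "first packets" of three connections to port 443.
SAMPLE_CONNECTIONS = [
    # Genuine TLS 1.2 ClientHello record header followed by a truncated body.
    ("10.0.0.5", bytes.fromhex("160303004a010000460303") + b"\x00" * 70),
    # Unencrypted HTTP sent to 443: a misconfigured client or something tunnelled.
    ("10.0.0.7", b"GET /update HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
    # A made-up custom header standing in for the kind the post says gave the backdoor away.
    ("10.0.0.9", b"CUSTOMHDR\x01\x00\x00\x10" + b"\x00" * 16),
]

if __name__ == "__main__":
    for src, verdict in flag_connections(SAMPLE_CONNECTIONS):
        print(f"{src}: {verdict}")
```

As the post itself notes, once the backdoor's opening bytes mimic a real handshake this first-bytes check no longer catches it on its own, which is why an IDS with up-to-date signatures and behavioural monitoring of outbound 443 sessions remain necessary.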

If you are running a network or even a home computer, you can never be too insistent that your security system be able to take on any type of malware out there. You have to be active in making sure that your network is safe. That means that when it is time for a backup or a scan of your system to make sure there is no malware on it, you must do it. While it might seem like a pain at the time, in the long run you will be glad that you did it.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to their security questions.

Comments

  1. “While it might seem like a pain at the time, in the long run you will be glad that you did it.” This is the point I think, a lot of people see security as a hurdle they cannot jump, when in fact with a little research and some forward thinking your networks and machines can be significantly hardened.

    • I think there is also a financial issue there to some degree as well, Mike – some organisations are very reluctant to spend money to mitigate something they believe won’t happen to them. It’s only after they’ve been breached that they realise what a disastrous short-term strategy that is.

      • Unfortunately I think you are right. The problem with being reactive to security issues is the fact you have already suffered the damage. That’s if you ever discover the breach….

        • Yeah that’s very true. It’s easy to forget that, in this ‘Anonymous Age’, most breaches still go undiscovered. Or unpublicised at the very least.
