Description:

The term Backdoor describes a specific group of Trojan Horses. Like other Trojans, they are not able to spread themselves to other computers. Backdoors allow attackers full control over the victim’s PC. Mostly they are split into 3 parts:

  1. Server
    The part which is put on the victim’s PC and takes control over the PC.
  2. Client
    A little program used by the attacker to connect to the server and control the computer.
  3. Editor
    An additional tool to create the server program. It allows the attacker to create a unique server and to set all the options and rules for the server.

Ok, I didn’t create this and I think this is old stuff. Just found it when googling for something else :P

Ok, I’ve received one interesting comment from one of the readers of my blog post at security.org.my. The post title is Interview Questions and you can read it here. This is the comment:

Requires review: Yes (Auto-moderation after X days)

User IP-address: 141.76.xx.xx

User Name: ayoi poyo

User Email: poyo@gmail.my

User Homepage: security.org.my

Comments:

This kind of question for an interview is extremely lame (poyo). Check out HP’s interview questions for network security engineer. They really make sense. These are questions for exam kids who like reading books, not for a good network engineer. duhh..what a dork

Of course I’ve approved that comment. Anyway I would like to point out a few things here:

a). Sorry to say but I don’t have the privilege of viewing or reading any HP interview questions. Perhaps if the commenter can provide me with one, I would be so grateful.

b). Btw those questions are meant for future security analysts, where IMHO they somehow cater to a few aspects of the Security Analyst’s scope of work, and are not meant for Network Engineers. Btw I do believe a network engineer should be able to answer my questions with ease.

c). If you feel that those questions are meant for exam-oriented people (based on your quote “exam kids who like reading books”), then from the interviews that I’ve conducted, these types of candidates failed miserably. In fact those who managed to get the job are the ones who know how to apply this knowledge in the real work environment. In fact some of them didn’t have any technical degree but they have vast knowledge and skills.

d). I thought those questions were easy and, to be honest, those are basic questions. The TCP handshake is the most basic knowledge for this widely used protocol.

Perhaps the commenter is one of the failed candidates? I just don’t have any idea and yeah, if you ask my wife, perhaps she agrees on the dork and poyo part ;)

p/s: Perhaps no need to hide behind anon-online.org eh? Then perhaps the comment came straight from the heart and was honest :D

When I fired up my Thunderbird this morning, I received one email from one of this blog’s readers (sounds like I have many readers eh? No lah) inquiring about the requirements to get involved in this security field. From the content of the email, I can conclude that the sender is a student, and it seems that she has the interest and perhaps the attitude as well; hopefully she won’t change her mind when she receives my reply.

That is because the 1st requirement that I pointed out to her is having the right attitude. Interest, passion and curiosity are a few of the characteristics that can only help you to progress. Well, some of our SAs here lack this kind of attitude (one of the areas that I need to improve). Also the need for good and sound fundamentals, be it in networking, security or others. At least when you encounter statements like these,

“Throttling: LaBrea accepts new connections but advertises a very small receiver window. The receiver window instructs the sender to not send more data per packet than the window allows. When throttling, connections still make progress, albeit slowly.

Persistent capture: LaBrea advertises a TCP receiver window size of 0 and instructs the sender to wait before sending more data. Periodically, the sender comes back and sends window probe packets to determine if the window has opened up again. This state can persist indefinitely.”

you will understand fully what these statements are trying to convey.

And yeah, that’s what I’ve taken from the Virtual Honeypots book. It is about a low-interaction type of honeypot application called LaBrea. A low-interaction honeypot is one that only simulates or emulates services, responses or applications, as this type of honeypot is not meant to represent a fully featured operating system. As for LaBrea, it introduces the tarpit concept, where it tries to slow down spammers or worms by making the TCP connection very slow or completely stalling their progress. How? By using the methods that I’ve mentioned above, basically by manipulating the window size. That’s why it is important to have this kind of knowledge. For the time being this is my reading material while traveling on the LRT. One of the things that I will definitely deploy (a honeypot or perhaps a honeynet).
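To make the two tarpit modes concrete, here is an added toy model (my own illustration, not code from the Virtual Honeypots book or from LaBrea itself) of TCP flow control seen from the sending side: the tarpit end never consumes data and keeps re-advertising the same receiver window, and the sender either sends what the window allows or, on a zero window, sends a window probe and makes no progress. The MSS value and the one-segment-per-round-trip simplification are assumptions of the model.

```python
# Added example: a simplified model of how a TCP sender behaves against a
# tarpit that advertises a tiny or zero receiver window (LaBrea-style).
from dataclasses import dataclass

MSS = 1460  # assumed maximum segment size in bytes (model parameter)


@dataclass
class TarpitPeer:
    """The tarpit end of the connection. It never consumes any data; every
    ACK simply re-advertises the same receiver window. window=0 models
    LaBrea's persistent capture, a small positive window models throttling."""
    window: int

    def ack(self) -> int:
        return self.window


@dataclass
class Sender:
    """The spammer/worm end: it obeys the advertised window, and on a zero
    window it sends window probes instead of data (one probe per round trip)."""
    payload: int
    sent: int = 0
    segments: int = 0
    probes: int = 0

    def round_trip(self, peer: TarpitPeer, advertised: int) -> int:
        if advertised == 0:
            self.probes += 1  # zero-window probe: no payload delivered
        else:
            # Simplification: one segment per round trip, bounded by the window.
            chunk = min(advertised, MSS, self.payload - self.sent)
            self.sent += chunk
            self.segments += 1
        return peer.ack()


def simulate(payload: int, window: int, max_rounds: int) -> dict:
    """Run up to max_rounds round trips and report how far the transfer got."""
    peer, snd, adv, rounds = TarpitPeer(window), Sender(payload), window, 0
    while rounds < max_rounds and snd.sent < payload:
        adv = snd.round_trip(peer, adv)
        rounds += 1
    return {"delivered": snd.sent, "rounds": rounds, "segments": snd.segments,
            "probes": snd.probes, "completed": snd.sent >= payload}


if __name__ == "__main__":
    for label, win in (("normal", 65535), ("throttled", 10), ("persistent capture", 0)):
        print(label, simulate(14600, win, 200))
```

With a 14600-byte payload, the normal peer finishes in 10 round trips, the throttled one delivers only 10 bytes per round trip and is nowhere near done after 200, and the zero-window peer gets 200 probes and zero bytes.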
