Beruflich Dokumente
Kultur Dokumente
net/publication/312610164
CITATIONS READS
0 51
2 authors, including:
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Muna Majeed Laftah on 23 January 2017.
Abstract
Sometimes operating system designer personal deliberately create a hole in the security of the
system. This hole or backdoor allows them later to take control of the system. Attackers who have
compromised a system to ease their subsequent return to the system often install backdoors.
This paper presents a tool for intrusion operating system (Windows XP) by using one of the
system port the main reason for using this port to fabricate the firewall and the administrator on the
server computer, where this tool can work by placed intrusion program into chess game then attach
this game with email after attachment then send this email to any computer server. Tiny firewall
used to test the proposed tool and check if intrusion occurred.
175
Eman Esmaeel Hamed
service and is represented by a 16-bit number system ports (NetBIOS Session (TCP),
in the UDP or TCP header. Port numbers windows file and printer sharing. This is the
between 1 and 1023 are called well-known single most dangerous port on the Internet,
ports because they enable clients to find All "file and printer sharing" on a windows
servers easily without configuration machine runs over this port. About 10% of
information. all users on the Internet leave their hard
Port numbers between 1024 and 65535 are disks exposed on this port, This is the first
called ephemeral ports because they are used port hackers want to connect to, and the port
for a short period of time. Clients to initiate that firewalls block).
connections to servers use ephemeral ports. IT can attack the server computer by using two
When the session with the server ends and the operations
service is no longer needed, the port is Connection with server
released to the pool of available ports. Sent any massage to the server
A higher-layer application that computer.
communicates across a TCP/IP internet work 4-2. IT server
with another higher-layer application In the server computer the chess game is
maintains an association, which takes the installed in hard disk .The ITserver.exe is
following form: hidden in this game and use port number (139)
[Protocol, source IP address, source port, to connect with server computer or client. The
destination IP address, destination port]. IT server works in all time and can connect to
This association uniquely identifies a the remote server if the game is running or
connection in the network, and is made up of stop running. Below is the algorithm described
two half-associations, which take the this operation:
following form: 1. Check if LAN card is available.
[Protocol, source IP adresse, source port] 2. Read IP address of computer from the
Or [Protocol, destination IP adresse, network.
destination port]. 2. Check the ports numbers of network.
A half-association is generally called a 3. Listen on port 139.
socket. Thus, communication between two 4. Ignore port 139 open.
processes over a TCP connection is carried out 5. If client tries to build connection then
via a TCP socket. check if the client is a IT Client then send
The port usage setting can be used to make acknowledgement to client, else send refuse
certain that Windows XP clients don’t to client and try to build connection which
accidentally answer the phone and open a depends on port 139.
Backdoor onto network [5]. 6. Repeat steps 3 to 6 until operating system
is shut down.
4-Proposed Tool (IT) 7. End.
In this section a proposed intrusion tool
(IT) introduced. It contains two parts, the first 4-3. IT client
part IT server (ITS), the second part IT client This part of IT tool can connect to the
(ITC). This tool can attack the server computer server computer without telling it. Three
in local area network by the (ITC) where operations implemented by this tool
netbios of server computer must be active, Connect with remote server.
where ITC works in client computer. Attack Disconnect with remote server.
occurs when ITS works in server computer in Massage sent to the remote server.
secret manner without knowing of the server
manger. Connection of the Remote Server or Client
4-1. IT properties Algorithm:
1-The ITS hidden in chess game as attachment 1. Open the connection dialog.
with email. 2. Read the input IP address of remote IP
2-The ITC used port (139) to connect with the address field.
server computer, this port is one of the 3. Convert the IP address to Long number.
176
Journal of Al-Nahrain University Vol.11(3), December, 2008, pp.175-178 Science
177
Eman Esmaeel Hamed
الخالصة
في بعض االحيان مصمم نظام التشغيل يقوم متعمدا
بخمق فجوة في امنية النظام ىذه الفجوة او ماتسمى الباب
الخمفي تسمح لو الحقا بالسيطرة عمى النظام .المياجم يقوم
بخداع النظام من اجل تسييل العودة الحقا الى النظام
واالختراق عن طريق الباب الخمفي .
في ىذا البحث تم تصميم اداة الختراق نظام تشغيل
) xp-من خالل استغالل احدى منافذ النظام (نافذة
والغرض الرئيسي من استخدام ىذا المنفذ ىو عممية خداع
الحاجز الناري Firewallوبالتالي خداع الشخص المسؤ ول
عن تمرير االتصال .حيث ان ىذه االداة تستطيع العمل
بواسطة تعشيقيا برنامج االختراق مع لعبة الشطرنج ثم الحاق
ىذه المعبة مع البريد االلكتروني وارسال ىذا البريد الى اي
حاسبة رئيسية ( . ) computer serverحيث تم استخدام
الحاجز الناري Firewallالختبار االداة المقترحة ولمتأكد من
حصول االختراق .
178