
Check for 'backdoor' viruses

Can you tell me how to check my system for 'backdoor' viruses?

Backdoors are programs that allow hackers to secretly access your computer while you are on the internet. They are usually installed via a Trojan, typically a setup program for a useful-looking free utility. The setup changes a configuration file so that the backdoor program is launched automatically at startup. The program then listens on certain TCP/IP ports for attempts by client programs to connect to it.

You can defeat attempts to connect to a backdoor by running internet security software, such as Norton Internet Security or ZoneAlarm. But this is a bit like locking the doors and setting the alarm when the thief is already in the house. It's better to be sure that your computer doesn't play host to a backdoor in the first place. Good antivirus programs detect all known Trojans. But, like viruses, new Trojans appear all the time, so it is imperative that you keep your antivirus software up to date.

Network security professionals check for possible backdoors into their systems by scanning for open TCP/IP ports. You can do the same. Close all your applications (including internet applications), then open a command prompt and type the command 'netstat -an'.

On a properly configured home PC with no applications running there should be no active connections, but if some connections are listed, look at the information in the column headed 'Local Address'. The number after the colon is the port number, and this should provide a clue as to what program is listening for connections.

It's common to find port 139 open. This port is used by Windows file and printer sharing, and it means that your files and printers can be accessed by anyone on the internet. You should either disable file and printer sharing, or bind it to the NetBEUI protocol and then unbind it from TCP/IP. Instructions for doing this can be found at http://grc.com/su-fixit.htm, where you will also find plenty of information regarding security.

If other ports are listening, particularly if they have numbers greater than 1024 and you don't know what they are, a Trojan may be providing an unwanted backdoor into your system. Check the port number against an up-to-date list of Trojan backdoor ports, such as the list at www.onctek.com/trojanports.html or www.glocksoft.com/trojan_port.htm.
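
An added example, not part of the original answer: Python that parses Windows-style 'netstat -an' output, takes the port number after the colon in the 'Local Address' column, and marks each listening port as known or still to be identified. The sample output, port 40123 and the `KNOWN` table are constructed assumptions.

```python
# Constructed sample of Windows `netstat -an` output (not from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:40123          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1045       203.0.113.7:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:1900           *:*
"""

# Ports you have already identified (assumption: edit this for your own PC).
KNOWN = {139: "Windows file and printer sharing"}


def listening_ports(netstat_text):
    """Return sorted (port, proto, local_ip) tuples for sockets awaiting connections."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state; keep LISTENING only. UDP rows have no state.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        ip, _, port = local.rpartition(":")  # rpartition copes with [::]:445
        if port.isdigit():
            found.add((int(port), proto, ip))
    return sorted(found)


def review(netstat_text, known=KNOWN):
    """Attach a verdict to every listening port, following the answer's advice."""
    report = []
    for port, proto, ip in listening_ports(netstat_text):
        if port in known:
            verdict = "known: " + known[port]
        elif port > 1024:
            verdict = "unknown, above 1024: check a Trojan port list"
        else:
            verdict = "unknown: find out which program is listening"
        report.append((port, proto, ip, verdict))
    return report


if __name__ == "__main__":
    for port, proto, ip, verdict in review(SAMPLE):
        print(f"{proto} {ip}:{port}  {verdict}")
```

To run it against your own PC, save the command's output with 'netstat -an > ports.txt' and pass the contents of that file to `review()`.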
 © 2002 PC Advisor