This topic contains 1 reply, has 2 voices, and was last updated by grublets 1 month ago.
- October 21, 2020 at 2:31 pm #320920
If there is a malware on my computer that is communicating with a hackers server, they don’t normally open a port on my firewall, they would piggyback on an already open port. That is my understanding.
But if they go through a normal port like 443 and their server is on some random port ##. Then how does my router? or how does their server change the 443 listen to port## listen. If you get what I’m saying?
- October 21, 2020 at 2:31 pm #320921
They’ll sent out stuff on common ports. Outgoing to TCP 443 in an attempt to avoid detection by being lost in the “crowd” of HTTPS traffic.
Some have used small UDP 53 messages trying to look like DNS traffic.
There’s no shortage of ways to try.
- October 21, 2020 at 2:31 pm #320922
Think of it like this, say you have a vulnerable SSH server (port 22) and they sign in as root. They can spin up a Apache web server on port 8080 and throw your files on there to download from there computer.
Just because they get in one way doesn’t mean they go out the same.
You must be logged in to reply to this topic.