NetSphere Backdoor Detection

critical Nessus Plugin ID 10005

Synopsis

A remote host contains a remote access trojan or backdoor.

Description

The NetSphere backdoor is installed on the remote host. By connecting to it, a remote attacker can gain control of the affected system.

Solution

Telnet to TCP port 30100 on the affected host, type '<KillServer>' (without the quotes), and then press '<Enter>'. This will stop the NetSphere service. Then manually determine how the machine came to be configured with a backdoor and clean it accordingly.

See Also

http://www.commodon.com/threat/threat-ns.htm

Plugin Details

Severity: Critical

ID: 10005

File Name: NetSphere.nasl

Version: Revision: 1.26

Type: remote

Family: Backdoors

Published: 7/8/1999

Updated: 10/21/2015

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C