1278 Views 6 Replies Latest reply: Sep 15, 2013 9:31 PM by Chandan Kumar RSS
Chandan Kumar Newcomer 3 posts since
May 27, 2013

May 27, 2013 10:53 PM

Backdoor Catch-All - How to Fix?

Greetings,

I executed McAfee Vulnerability Scanning on my web server and it has captured (Backdoor Catch all). Is anyone aware how to fix this?

Report details:

Backdoor Catch-All

Description
This plugin flags open and unidentified ports that backdoors have been known to operate over.

Solution
Investigate service to determine its legitimacy.

Detail
This port was found to be open and its service could not be identified. Backdoors are known to operate over this port. Please verify that a legitimate service is listening on this port.
----------------------------------------------------------------
Backdoor(s) known to operate over port 443 (TCP):
Slapper

Appreciate any help.

  • Heather Mentzer McAfee Mentor 5 posts since
    Oct 15, 2012
    1. Jun 21, 2013 4:12 PM (in response to Chandan Kumar)
    Re: Backdoor Catch-All - How to Fix?

    Moving Discussion to MVM for an answer.


    Heather Mentzer
    Systems Support Specialist
    SaaS Email and Web Protection
  • shaminder.singh Newcomer 1 posts since
    Jun 30, 2013
    2. Jun 30, 2013 11:33 PM (in response to Heather Mentzer)
    Re: Backdoor Catch-All - How to Fix?

    Hi Team,

    I have executed the scan and found the same vulnerability.

    Below are the details I have got from the scan results:

    This port was found to be open and its service could not be identified. Backdoors are known to operate over this port. Please verify that a legitimate service is listening on this port.
    ----------------------------------------------------------------
    Backdoor(s) known to operate over port 80 (TCP):
    711 trojan (Seven Eleven), AckCmd, BlueFire, Cafeini, Duddie, Executor, God Message, Intruzzo, Latinus, Lithium, MscanWorm, NerTe, Nimda, Noob, Optix Lite, Optix Pro, Power, Ramen, Remote Shell, Reverse WWW Tunnel Backdoor, RingZero, RTB 666, Scalper, Screen Cutter, Seeker, Slapper, Web Server CT, WebDownloader

    Can you please suggest a possible fix for this vulnerability?

    Thanks,

    Shaminder Singh

    RHCE

  • John M Sopp The Place at McAfee Member 88 posts since
    Nov 17, 2009
    3. Jul 1, 2013 7:49 AM (in response to shaminder.singh)
    Re: Backdoor Catch-All - How to Fix?

    What this check is saying is that this may be a backdoor. Like all of the Top weekly Malware or AV style checks in MVM, there is a high false positive rate. You need to investigate manually and determine what is running on that system on that port.

    Most of the time it's some non-malicious service.

    I personally disable these checks and would recommend doing so, as MVM is not designed to detect malware well.

    The only use case I see for this check is when you are trying to determine if a system is behaving maliciously based on alerts in other security controls (AV scanners, IPS/IDS, network forensics, etc.). You can use this info as part of your "Evidence", but I wouldn't bank on it without manual investigation.
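
One way to carry out the manual investigation recommended in the reply above, run on the scanned Linux server itself. This is an added example, not part of the original thread or of any McAfee tooling; the `EXPECTED` allowlist, the sample `ss -tlnp` output and the process names in it are constructed assumptions.

```python
import re
import subprocess

# Assumption: process names considered legitimate on the flagged ports.
EXPECTED = {80: {"httpd", "nginx", "apache2"}, 443: {"httpd", "nginx", "apache2"}}
OWNER_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

# Constructed sample of `ss -tlnp` output; "updsvc" is a made-up process name.
SAMPLE = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511                *:443             *:*     users:(("httpd",pid=1403,fd=6),("httpd",pid=1402,fd=6))
LISTEN 0      128             [::]:80           [::]:*     users:(("updsvc",pid=4410,fd=4))
LISTEN 0      128          0.0.0.0:8443      0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Map each listening TCP port to the set of (process, pid) that own it."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        port = fields[3].rsplit(":", 1)[-1]
        if port.isdigit():
            owners = {(name, int(pid)) for name, pid in OWNER_RE.findall(line)}
            listeners.setdefault(int(port), set()).update(owners)
    return listeners

def review(listeners, flagged_ports, expected=EXPECTED):
    """Give a verdict for every port the scanner flagged."""
    verdicts = {}
    for port in flagged_ports:
        owners = listeners.get(port)
        names = sorted({name for name, _ in owners or ()})
        odd = [n for n in names if n not in expected.get(port, set())]
        if owners is None:
            verdicts[port] = "not listening on this host (check NAT or a proxy in front)"
        elif not owners:
            verdicts[port] = "owner hidden (rerun ss as root)"
        elif odd:
            verdicts[port] = "unexpected: " + ", ".join(odd)
        else:
            verdicts[port] = "expected: " + ", ".join(names)
    return verdicts

if __name__ == "__main__":
    live = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True)
    for port, verdict in review(parse_listeners(live.stdout), [80, 443]).items():
        print(port, verdict)
```

Run it as root so that `ss` can show the owners of sockets belonging to other users; an "unexpected" verdict is a prompt to inspect that binary and its package origin, not proof of a backdoor.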

  • rhy Newcomer 1 posts since
    Sep 13, 2013
    4. Sep 13, 2013 11:05 PM (in response to John M Sopp)
    Re: Backdoor Catch-All - How to Fix?

    So this message is basically just a blanket message given for any server with port 443 open?
