This invention relates to the detection of Trojan Horses within a network system, and more specifically to a method and apparatus for comprehensive detection of Trojan Horses or other networked computer-related vulnerabilities with minimum processing overhead on the network scanner.
Security vulnerabilities in networked computers are a growing problem, and scanning for and detecting them imposes a high processing overhead on the network scanner. Trojan Horses infect ports within host computers connected via the Internet or like network systems in which access is relatively open to hackers, viruses and other forms of computer piracy. Most Trojan Horses do not respond to a detector probe unless the probe packet is sent with the correct encryption key, which of course is unknown to a scanner. Thus, the scanner must try every possible key in the encryption modulus to ensure detection of the Trojan Horse. Unfortunately, multiple-key detection probing of multiple computers and ports is extremely time-consuming. The previously known alternative, testing only a limited subset of the key space or only a limited number of computers or ports, represents an incomplete scan of the networked computers. This less-than-comprehensive prior art approach allows Trojan Horses and other serious network vulnerabilities to lurk undetected or to posture unrecognized.