APS Utility

The APS utility is a utility for detecting hacker attacks. As you know, the first phase of most hacker attacks is a network inventory and port scanning on detected hosts. Port scanning helps to determine the type of operating system and detect potentially vulnerable services (e.g. mail or a WEB server). After scanning ports, many scanners determine the type of service by sending test requests and analyzing the server response. APS utility communicates with the attacker and makes it possible to unambiguously identify the fact of an attack.

In addition, the utility is designed for

• To detect all kinds of attacks (primarily port scanning and service identification) and the appearance of Trojans and network worms in the network (APS has over a hundred ports used by worms and Backdoor components)
• To test port scanners and network security. To test the scanner you need to run APS on a test computer and scan ports - the APS protocols allow you to easily find out which scans the scanner runs and in what order;
• For testing and operational control of the Firewall. In this case, the APS utility is run on the computer with the Firewall installed and scan the ports and (or other attacks) against the PC.

If the APS gives an alarm, it is a signal that the Firewall is not working or is not properly configured. APS can be run behind a Firewall-protected computer all the time to check if the Firewall is working properly in real time - Blocking and detecting network worms and Backdoor modules - The principle of detection and blocking is based on the fact that one and the same port can be opened for listening only once. Consequently, opening the ports used by Trojan and Backdoor programs before they are launched will prevent them from running, and after they are launched will detect the fact that another program is using the port - Testing anti-Trojan and anti-virus programs, IDS systems - APS has over a hundred ports of the most widespread Trojan programs in its database.

Some anti-Trojan horse software can scan the ports of the tested PC (or build a list of ports without scanning using Windows API) - such software must report suspicious Trojan ports (with a list of "suspicious" ports displayed) - the list obtained can be compared with the list of ports in the APS database and conclusions about the reliability of the tool used. The working principle of the program is based on listening to the ports described in the database.

The ports database is updated and if you know the port used by a Trojan or Backdoor, send it to me - I will add it to the database. The database contains a brief description of each port - the short descriptions contain either the names of the viruses using the port or the name of the standard service the port corresponds to. When the program detects an attempt to connect to the tapped port, it logs the connection, analyzes the data received after the connection and, for some services, sends a so-called banner - a set of text or binary data transmitted by the real service after the connection.