Reverse connection
A reverse connection is a connection to another computer that is used to bypass a firewall . One uses the property of the firewall that it blocks incoming connections, but not outgoing ones.
This type of connection is used in various situations, such as in file sharing networks or when transferring files via FTP (so-called passive mode ). The trick is also used by Trojans , which establish a connection to the perpetrator unnoticed by the victim.
background
Most Internet connections are made using the Transmission Control Protocol (TCP). One of the connection partners acts as a server waiting for incoming connections. The other ( client ) initiates the connection with a request to the server.
Numerous malicious programs or Internet subscribers attempt to exploit vulnerabilities on the computers of other subscribers in order to gain unauthorized access to them by opening connections to them. To protect against such attacks, firewalls are used, which are often configured in such a way that they do not allow incoming connections. A connection from a customer to the Internet can therefore only be established when the customer initiates the connection, i.e. acts as a client.
However, there are internet platforms and communication protocols that depend on being able to establish a connection with the customer. This means that a customer behind a firewall cannot use it. The principle of the reverse connection now consists in causing the customer's application to initiate a connection. This connection is allowed by the firewall.
In the case of a Trojan, this means that the Trojan, which is smuggled into the victim's computer and normally acts as a server, first takes on the role of the client and establishes a connection to the perpetrator's application.
Web links
Individual evidence
- ^ Gnome Help: Reverse Connections. Retrieved May 11, 2019 .