Connections (Direct vs Reverse)

Connections

As we now know, hackers give you a program that secretly hides their RAT, which lets them control your computer from afar without you even knowing it. The question that remains is “How do they actually connect?” To answer it in the simplest way possible, you must understand that a computer connected to the internet has a few key features that make everything tick.

IP Address

While I would like to go into specifics, this article isn’t meant to teach basic networking. For the scope of this article, think of an IP address as a computer network’s Social Security number. I say network instead of computer because, unlike the early days of dial-up modems, computers now connect to a router/modem, which then connects to the internet. That router has a very specific IP (123.123.123.123), but the computers connected to the router are given addresses usually in the form of 192.168.1.1-255. Back in the old days, 1 computer had 1 modem that connected to the internet, so each computer had its own SSN when connected to the internet. Again, without getting into specifics, just know that an IP address is a unique number by which a network is seen on the internet.

Ports

Computers that are connected to a network have ports, through which data is passed. Without going into specifics, ports are basically doors that data can pass through. These ‘doors’ are only opened when a program on the computer is told to ‘listen’ for incoming data. Common ports are 80 (HTTP/WWW), 21 (FTP), and 22 (SSH).

Direct Connect

Now that we know a thing or two about IP addresses and ports, we’ll look at the two ways that hackers connect to their RATs: Direct Connect (hacker connects directly to victim via IP:Port) and Reverse Connect (victim connects directly to hacker via IP:Port).

It used to be nice back in the old days, when Direct Connect was the way to go. The hacker had to face the difficulty of knowing whom he had infected, but before routers were mainstream he could secretly connect to the victim, who would never know that his computer was listening for the hacker. In the times before routers, a RAT would get onto a computer and open up a backdoor (a port), and the hacker, who had to know the IP and the port being opened, could connect to this computer at any time it was online. Unless the victim was checking which ports on his computer were open and listening, he would never know he was infected unless something went wrong and the RAT was detected by an antivirus.

This was essentially the mainstream way of connecting before broadband and routers became standard in households. Once they did, computers no longer had their own unique IP, and the ports would have to be forwarded via the router. Another issue is that firewalls, now more widely used, block incoming connections such as those to a hacker’s RAT.

Reverse Connect

Since broadband and routers are now mainstream, hackers had to figure out how to connect to a computer when, by default, routers block open ports, and even if the ports were open the router would still need to know which computer to route the traffic to. Herein lies the idea of Reverse Connection: instead of the hacker connecting to the victim, the victim connects to the hacker. With this connection in place, the hacker only needs to make sure that their own router is set to route traffic to their own computer; the victim’s computer doesn’t need anything more than an internet connection. This brings some new issues:

  • The victim’s computer is always calling out, trying to connect to the hacker.
  • If the hacker didn’t set the victim to connect to a dynamic address that points to the hacker, then the victim won’t be able to connect once the hacker’s IP changes.
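
Both connection styles leave a trace a defender can look for: an unexpected listening port for Direct Connect, and a steady stream of outbound attempts to one destination for Reverse Connect. The sketch below is an added example, not part of the original article; the snapshot format, addresses, process names, allowlist and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not from a real host): a simplified netstat-style
# snapshot and an outbound log of (epoch seconds, destination IP, port).
SNAPSHOT = """\
tcp 0.0.0.0:22 0.0.0.0:* LISTEN sshd
tcp 0.0.0.0:80 0.0.0.0:* LISTEN nginx
tcp 0.0.0.0:5050 0.0.0.0:* LISTEN updater
tcp 192.168.1.10:50412 198.51.100.7:443 ESTABLISHED firefox
"""
OUTBOUND = [(t, "203.0.113.50", 8443) for t in range(1000, 1600, 60)] + [
    (1012, "198.51.100.7", 443), (1300, "198.51.100.7", 443),
    (1310, "198.51.100.7", 443), (1590, "198.51.100.7", 443),
]
EXPECTED_LISTENERS = {22, 80}  # assumption: ports this host should serve


def unexpected_listeners(snapshot, allowed):
    """Direct Connect symptom: a listening port nobody asked for."""
    hits = []
    for line in snapshot.splitlines():
        _proto, local, _remote, state, proc = line.split()
        port = int(local.rsplit(":", 1)[1])
        if state == "LISTEN" and port not in allowed:
            hits.append((port, proc))
    return hits


def periodic_callouts(events, min_count=5, max_jitter=0.1):
    """Reverse Connect symptom: repeated call-outs at a steady interval."""
    by_dest = defaultdict(list)
    for ts, ip, port in events:
        by_dest[(ip, port)].append(ts)
    hits = []
    for dest, stamps in by_dest.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) < min_count or mean(gaps) == 0:
            continue
        # Low relative spread of the gaps means machine-like regularity.
        if pstdev(gaps) / mean(gaps) <= max_jitter:
            hits.append((dest, round(mean(gaps))))
    return hits


if __name__ == "__main__":
    print(unexpected_listeners(SNAPSHOT, EXPECTED_LISTENERS))
    print(periodic_callouts(OUTBOUND))
```

The irregular browser traffic to 198.51.100.7 is not flagged, while the once-a-minute call-outs are; real tooling would also need to account for legitimate periodic traffic such as update checks.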
