Firewall Wizards mailing list archives

Re: OT? New compromise.


From: "Paul D. Robertson" <probertson () FluidITGroup com>
Date: Thu, 29 Mar 2007 16:07:15 -0400

J. Oquendo wrote:
[Pine doesn't like the encoding, so I'm replying from this account]
Stian Øvrevåge wrote:

On Windows
c:\netstat -an |find /i "listening"

Why download when you can use existing tools...


Ever heard of rootkits?

No I haven't, can I buy this somewhere? I don't use Windows but if I

Come on, the point was very valid.  I wish more admins would consider it; 
when things go from incident to investigation it's important.

Sysinternals (before MS rolled over them) had some neat tools one
of which provided the admin with the name of the program running
that had said ports opened along with the DLL file information, etc.
I'm sure older Forensics disks (F.I.R.E, Snarl) etc., have the tool
on them.


Sysinternals *still* has some neat tools, and (yep, mark it on your 
calendars, I'm saying it) Microsoft rolling over them has actually 
improved things somewhat.  Instead of multiple versions, you now tend to 
get just one binary that'll run on all the platforms.  They're still 
redirecting the URL too.

Paul

-- 
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards.  Editor, Network Firewall FAQ
New blog:  http://www.fluiditgroup.com/blog/pdr/ 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
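An added example, not from anyone in the thread, that does in PowerShell what the Sysinternals tool described above does: list listening TCP ports with the owning process, its image path and loaded DLLs, and cross-check that view against the netstat output the thread started with, so a disagreement between the two (the kind a rootkit filtering one of them could cause) gets flagged. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated session; the function names are my own.

```powershell
# Added example: listening TCP ports -> owning process, image path, loaded DLLs,
# plus a cross-check against "netstat -ano". Assumes Get-NetTCPConnection
# (Windows 8 / Server 2012 and later) and an elevated PowerShell session.

function Get-ListeningPortOwners {
    Get-NetTCPConnection -State Listen | ForEach-Object {
        $conn = $_
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        # Module enumeration fails for protected/system processes; report it as empty.
        $mods = ''
        if ($proc) { try { $mods = ($proc.Modules | ForEach-Object { $_.ModuleName }) -join ',' } catch { } }
        [pscustomobject]@{
            LocalAddress = $conn.LocalAddress
            LocalPort    = $conn.LocalPort
            PID          = $conn.OwningProcess
            Process      = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            Path         = if ($proc) { $proc.Path } else { $null }
            Modules      = $mods
        }
    }
}

# Parse "netstat -ano" into the same port/PID shape (IPv4 and [::]-style IPv6 lines).
function Get-NetstatListeners {
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)') {
            [pscustomobject]@{ LocalPort = [int]$Matches[2]; PID = [int]$Matches[3] }
        }
    }
}

# Flag ports that one view reports and the other does not. Both views are user-mode
# queries, so a kernel rootkit can fool both: a disagreement is a lead, not proof,
# and agreement is not a clean bill of health. A port scan from another host is
# the independent check.
function Compare-ListenerViews {
    $api = @(Get-ListeningPortOwners)
    $ns  = @(Get-NetstatListeners)
    $apiPorts = $api | ForEach-Object { $_.LocalPort }
    $nsPorts  = $ns  | ForEach-Object { $_.LocalPort }
    [pscustomobject]@{
        OnlyInApi     = $api | Where-Object { $nsPorts -notcontains $_.LocalPort }
        OnlyInNetstat = $ns  | Where-Object { $apiPorts -notcontains $_.LocalPort }
    }
}

Get-ListeningPortOwners | Sort-Object LocalPort | Format-Table LocalPort, PID, Process, Path -AutoSize
Compare-ListenerViews | Format-List
```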
