Security Incidents mailing list archives

RE: Trojan? DDOS Bot?

From: "David LeBlanc" <dleblanc () microsoft com>
Date: Thu, 29 Aug 2002 20:05:19 -0700

If you're running XP or .NET Server, netstat -o will list the process
IDs, so you won't need fport. You would of course have to edit the perl
script to work with the changes.

-----Original Message-----
From: YAO,TONY (HP-NewZealand,ex1) [mailto:tony_yao () hp com] 
Sent: Tuesday, August 27, 2002 4:21 PM
To: 'Janus () etoast com'; incidents () securityfocus com
Subject: RE: Trojan? DDOS Bot?

Hi Janus,

There's an excellent tool I've been using for a while, actually set of
tools. 

Download Procdmp.pl from http://patriot.net/~carvdawg/perl.html. It also
has a EXE version PD.EXE running on Windows.

To use this tool, you need to have output from Pslist.exe, handle.exe,
fport.exe, listdlls.exe and netstat.exe tool. You can get them from
http://www.foundstone.com/ or http://www.sysinternals.com/. Netstat.exe
is native Windows tool.

[snip]

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Current thread:

Trojan? DDOS Bot? Janus (Aug 27)
- Re: Trojan? DDOS Bot? Mike Parkin (Aug 27)
- Re: Trojan? DDOS Bot? Christopher Cramer (Aug 27)
- Re: Trojan? DDOS Bot? Erik Sperling Johansen (Aug 27)
- Re: Trojan? DDOS Bot? Dragos Ruiu (Aug 27)
- Re: Trojan? DDOS Bot? Michael J McCafferty (Aug 27)
- <Possible follow-ups>
- Re: Trojan? DDOS Bot? Richman, Samuel <NHTSA> (Aug 27)
- RE: Trojan? DDOS Bot? Brooke, O'neil (EXP) (Aug 27)
- Re: Trojan? DDOS Bot? Will Tell (Aug 27)
- RE: Trojan? DDOS Bot? YAO,TONY (HP-NewZealand,ex1) (Aug 28)
- RE: Trojan? DDOS Bot? David LeBlanc (Aug 30)