Security Incidents mailing list archives
RE: Trojan? DDOS Bot?
From: "David LeBlanc" <dleblanc () microsoft com>
Date: Thu, 29 Aug 2002 20:05:19 -0700
If you're running XP or .NET Server, netstat -o will list the process IDs, so you won't need fport. You would of course have to edit the Perl script to work with the changes.

-----Original Message-----
From: YAO,TONY (HP-NewZealand,ex1) [mailto:tony_yao () hp com]
Sent: Tuesday, August 27, 2002 4:21 PM
To: 'Janus () etoast com'; incidents () securityfocus com
Subject: RE: Trojan? DDOS Bot?

Hi Janus,

There's an excellent tool I've been using for a while, actually a set of tools. Download Procdmp.pl from http://patriot.net/~carvdawg/perl.html. It also has an EXE version, PD.EXE, running on Windows. To use this tool, you need to have output from the Pslist.exe, handle.exe, fport.exe, listdlls.exe and netstat.exe tools. You can get them from http://www.foundstone.com/ or http://www.sysinternals.com/. Netstat.exe is a native Windows tool.

[snip]

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
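The PID join that the netstat -o tip makes possible, sketched in Python as an added example (not part of either message above and not the Procdmp.pl code). It assumes `netstat -ano` output; the sample rows and the PID-to-name map standing in for a process listing are constructed.

```python
# Added example: join `netstat -ano` rows to process names by PID.
# Constructed sample in the column layout Windows `netstat -ano` prints.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING       1620
  TCP    192.0.2.10:1042        198.51.100.5:80        ESTABLISHED     1620
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:1900           *:*                                    2044
"""

# Constructed PID -> image name map standing in for a process listing
# (for example pslist output); names and PIDs are made up for this sample.
PROCESSES = {4: "System", 884: "svchost.exe", 1620: "example.exe"}


def parse_netstat(text):
    """Return one dict per socket row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":
            (proto, local, remote, pid), state = f, ""  # UDP has no State
        else:
            continue  # banner, header, blank line, or output taken without -o
        addr, _, port = local.rpartition(":")  # keeps [::]:135 style intact
        if not (pid.isdigit() and port.isdigit()):
            continue  # non-numeric port, e.g. output taken without -n
        rows.append({"proto": proto, "addr": addr, "port": int(port),
                     "remote": remote, "state": state, "pid": int(pid)})
    return rows


def listeners(rows, processes):
    """Sorted (port, proto, pid, name) for sockets open to inbound traffic."""
    # A PID absent from the process listing is reported as "?", not dropped.
    found = [(r["port"], r["proto"], r["pid"], processes.get(r["pid"], "?"))
             for r in rows if r["state"] == "LISTENING" or r["proto"] == "UDP"]
    return sorted(found)


if __name__ == "__main__":
    for port, proto, pid, name in listeners(parse_netstat(NETSTAT_SAMPLE),
                                            PROCESSES):
        print(f"{proto:4}{port:>6}  pid {pid:<6}{name}")
```

Rows from output captured without -o have one column fewer and are skipped rather than misread, so an empty result is a hint that the PID column was missing.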