Vulnerability Development mailing list archives
Re: INZIDER!
From: rotaiv () BIAPO COM (rotaiv)
Date: Thu, 18 Nov 1999 10:25:51 -0500
At 11/18/99 01:27 AM, Blue Boar wrote:
Wolfgang Gassner wrote:I tested it running Netbus and Back Orifice on it and it doesnt detected
it!!
... Implying that you thought it was a carrier for Netbus or BO?
I think he meant it did not detect Netbus or Back Orifice not that it was carrying it.
It only gives some Information on Port 135, 139 ....Which is what it's supposed to do, right? Did it miss some ports?
When I tested it, my conclusion was that inzider looks for open UDP ports and not TCP ports. The ports he mentioned (135, 139) are UDP whereas I believe Netbus and BO use TCP ports.
I believe the best an reliable way to determine which port is open is netstat -an !!!How about posting a comparison output from the two on your machine? BB
I agree that netstat gives a much better picture but does not provide the associated EXE. Personally, I use AtGuard (for various reasons) as it tells me all TCP/UDP ports and which EXE is using them. It's also practically instant whereas inzider took a long while to tell me very little (UDP only). rotaiv
Current thread:
- Re: INZIDER! Wolfgang Gassner (Nov 17)
- Re: INZIDER! Blue Boar (Nov 17)
- Re: INZIDER! rotaiv (Nov 18)
- Possible DoS attack against Microsoft SQL Server 7.0 kbelian (Nov 17)
- Re: INZIDER! Ryan Permeh (Nov 18)
- Re: INZIDER! Joaquim Alfredo Da Costa (Nov 18)
- Re: INZIDER! Robert Joosten (Nov 19)
- <Possible follow-ups>
- Re: INZIDER! Martin (Nov 18)
- Re: INZIDER! Kotz (Nov 19)
- Re: INZIDER! BrainMaster (Nov 19)
- Re: INZIDER! Blue Boar (Nov 17)