[Fwd: INZIDER!]

[BlueBoar () THIEVCO COM (Blue Boar)]

"Joe L. White" wrote:
> in the documentation for inzider, it clearly states that the program may need to be run more than once in order to 
> detect all bound ports. i have found mixed results (inconsistent) as to how many processes are detected in each 
> subsequent run of the program.
>
> original website for tool:  http://www.bahnhof.se/~winnt/toolbox/inzider/
> current website:  http://ntsecurity.nu/toolbox/inzider/
>
> from the documentation posted at the website:
>
> What is inzider?
>
> This is a very useful tool which lists the current processes in your Windows system and the ports each one listen on. 
> It is written to work on Windows NT and
> Windows 9x, and I know of no other program which does what inzider does. There have been some stability problems on 
> Windows 9x, which I thought were
> solved but were still left although not as frequent. In the new version (1.2) I have done a few changes to improve 
> both stability and reliability. I guess there is
> still much left to wish for, but over all I think inzider is a success, and it's quite popular despite the problems. 
> On Windows NT, inzider is still unable to check
> processes which are started as services. Yet, it's very useful - for example, check out this page about inzider vs. 
> bo2k (Back Orifice 2000). Keep your eyes
> open in the future, there will most likely come new improved versions.
>
> How do I use this tool?
>
> Download the install program file and run it. The install program is created with the freeware (for non commercial 
> use) GkSetup written by Gero Kühn. After
> installation, run inzider from the Start menu. It will take some seconds and then you will see a list of processes 
> and which ports they listen on. Sometimes all
> processes aren't listed on the first try. If this happens, close the program and restart it. Repeat this until all 
> processes are shown (which usually takes at
> most 2-3 tries). To minimize the risks of experiencing problems, please save all unsaved work before running inzider. 
> Also close any valuable documents
> and similar that you have open. After you finish using inzider, reboot the system to guarantee it's stability.
>
> also, an faq for the tool is posted here:
>
> http://ntsecurity.nu/toolbox/inzider/faq.shtml
>
> hope this helps,
>
> joe
>
> <<<>>>
>
> Please respond to BlueBoar () THIEVCO COM@Internet
> To:     VULN-DEV () SECURITYFOCUS COM@Internet
> cc:
> Subject:        Re: INZIDER!
>
> Wolfgang Gassner wrote:
> > INZIDER???
> >
> > This prog isnt working good, maybe its a kind of new
> > Trojan or Virus!!!!!
>
> Any reason to suspect that, or is this wild speculation?
>
> > I tested it running Netbus and Back Orifice on it and it doesnt
> > detected it!!
>
> ... Implying that you thought it was a carrier for Netbus or BO??
>
> > It only gives some Information on Port 135, 139 ....
>
> Which is what it's supposed to do, right?  Did it miss some ports?
>
> > I believe the best an reliable way to determine which port is open
> > is              netstat -an !!!
>
> How about posting a comparison output from the two on your machine?
>
>                                                 BB