Security Basics mailing list archives
RE: Application backdoor suspect
From: Tony Fondo <Tony.Fondo () patlive com>
Date: Mon, 16 Dec 2002 12:17:48 -0500
for other *nix based, you can use lsof -T

-----Original Message-----
From: Catfish [mailto:catfish () catfish homeip net]
Sent: Monday, December 16, 2002 12:20 AM
To: skp () sargam com; security-basics () securityfocus com
Subject: Re: Application backdoor suspect

You didn't say what os you are using, I'll assume windows... Check out sysinternals for filemon and regmon. They let you see what the program does with the registry and files in realtime. Also check network sniffing programs to see what it sends out over the network.

My question is, is there a way to see what files the application is calling on during the synch process? I want to see what other info it is sending. It's troubling to know that the app is sending info that is not relevant to its starting up.