Security Basics mailing list archives

RE: Application backdoor suspect


From: Tony Fondo <Tony.Fondo () patlive com>
Date: Mon, 16 Dec 2002 12:17:48 -0500


For other *nix-based systems, you can use lsof.

-T
-----Original Message-----
From: Catfish [mailto:catfish () catfish homeip net]
Sent: Monday, December 16, 2002 12:20 AM
To: skp () sargam com; security-basics () securityfocus com
Subject: Re: Application backdoor suspect


You didn't say what OS you are using; I'll assume Windows...
Check out Sysinternals for Filemon and Regmon. They let you see what the
program does with the registry and files in real time.
Also check network sniffing programs to see what it sends out over the
network.

My question is, is there a way to see what files the application is calling on
during the sync process? I want to see what other info it is sending. It's
troubling to know that the app is sending info that is not relevant to its
starting up.
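As an added illustration of the lsof approach suggested above (not code from this thread or from any of its posters), the script below parses lsof's machine-readable `-F` output for one process and separates the on-disk files it holds open from its network endpoints, which is exactly the two questions the original poster asks. The PID, command name, paths and addresses in the embedded sample are constructed, and `inspect_pid` assumes lsof is on PATH.

```python
# Summarise what a process has open, from lsof's machine-readable -F output.
import subprocess
import sys

NETWORK_TYPES = {"IPv4", "IPv6", "unix"}

def parse_lsof_fields(text):
    """Parse `lsof -F pcftn` output (p=PID, c=command, f=fd, t=type, n=name)."""
    entries, current, command = [], {}, None
    for line in text.splitlines():
        if not line:
            continue
        tag, value = line[0], line[1:]
        if tag == "c":
            command = value
        elif tag == "f":  # each file set begins with its descriptor
            if current:
                entries.append(current)
            current = {"fd": value, "command": command}
        elif tag == "t":
            current["type"] = value
        elif tag == "n":
            current["name"] = value
    if current:
        entries.append(current)
    return entries

def summarise(entries):
    """Split open files into on-disk paths and network endpoints."""
    files = sorted(e["name"] for e in entries if e.get("type") in ("REG", "DIR"))
    network = sorted(e["name"] for e in entries if e.get("type") in NETWORK_TYPES)
    return {"files": files, "network": network}

def inspect_pid(pid):
    """Run lsof on a live PID (needs lsof on PATH; -n skips DNS lookups)."""
    proc = subprocess.run(["lsof", "-n", "-p", str(pid), "-F", "pcftn"],
                          capture_output=True, text=True, check=False)
    return summarise(parse_lsof_fields(proc.stdout))

# Constructed sample in lsof -F layout, not captured from a real system.
SAMPLE = "\n".join([
    "p4242", "csyncapp",
    "f3", "tREG", "n/home/user/.syncapp/state.db",
    "f4", "tREG", "n/home/user/.ssh/known_hosts",
    "f5", "tIPv4", "n192.0.2.10:45000->198.51.100.7:443",
]) + "\n"

if __name__ == "__main__":
    pid = sys.argv[1] if len(sys.argv) > 1 else None
    print(inspect_pid(pid) if pid else summarise(parse_lsof_fields(SAMPLE)))
```

Run it with a PID to inspect a live process, or with no arguments to see the parser applied to the constructed sample; a file like `known_hosts` showing up during a sync is the kind of unexpected access worth following up with a packet capture.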

