Security Basics mailing list archives
Re: Hidden Ports
From: Jamie Pratt <jamie () nucdc org>
Date: Thu, 05 Feb 2004 01:47:33 -0500
Dont ever trust netstat/lsof or any other *NIX binary to show you the truth -if your *NIX box has been rootkit'ed, and/or hacked, these system-based binary tools are often changed/modified to hide any ports the intruder might be using - google for a perl script that will query /proc entries for the real processes going on.. (or email me offlist and I can send you one) or use nmap on the local host and if you have a local firewall (iptables/chains/ipfilter etc) running, shut it down briefly for the scan if possible - nate is right, the location of where you scan from can always change results a bit if there are routers/firewalls in the middle...
(fport is fine on windows tho - that should always work, or use 'Vision' - also from foundstone, but is a gui based tool instead that does the same thing)
just my 2 cents anyhow! :-) regards, jamie nate wrote:
Would recommend that on a windows box locally run FPORT from foundstone, ona *NIX box I would use a netstat to view what ports are open.A port scanner could possibly see it or it may not depending on if it is over the internet or if it is on the lan or if it is local to the machine can affect some of the results. -----Original Message-----From: Eduardo Sorensen [mailto:ovo () osite com br] Sent: Tuesday, February 03, 2004 10:46 AMTo: security-basics () securityfocus com Subject: Hidden Ports Can a port scanner not see a port that is opened? The question is: can a backdoor be on a machine, and with nmap -p 1-, for example, you couldn't see it? Thank you, Eduardo ---------------------------------------------------------------------------
---------------------------------------------------------------------------Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Hidden Ports Eduardo Sorensen (Feb 03)
- Re: Hidden Ports Alejandro Flores (Feb 04)
- Re: Hidden Ports Geoff Beier (Feb 04)
- RE: Hidden Ports Dimitri Bertolami (Feb 04)
- RE: Hidden Ports nate (Feb 04)
- Re: Hidden Ports Jamie Pratt (Feb 06)
- Re: Hidden Ports David J. Bianco (Feb 04)
- Re: Hidden Ports Michael Painter (Feb 05)
- Re: Hidden Ports David J. Bianco (Feb 05)
- Re: Hidden Ports Michael Painter (Feb 06)
- Re: Hidden Ports Michael Painter (Feb 05)
- Re: Hidden Ports vrsnet (Feb 06)
- Necessary ports and not necessary ports Benawi (Feb 05)
- Securing Windows Server 2003 [was: Necessary ports and not necessary ports] Joey Peloquin (Feb 05)
- Re: Necessary ports and not necessary ports JGrimshaw (Feb 06)
- Re: Necessary ports and not necessary ports NSC (Feb 06)
- Re: [work] Hidden Ports opticfiber (Feb 05)