Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OT? New compromise.

From: "Stian Øvrevåge" <sovrevage () gmail com>
Date: Wed, 28 Mar 2007 22:08:08 +0200
On 3/28/07, J. Oquendo <sil () infiltrated net> wrote:

St John, Richard wrote:


Once you determine there might be an issue, I think there used to be a
program called openports which would run on the machine and relate any
LISTENING or ESTABLISHED ports to the actual file that has the port
open. This would then give you the service/process/program waiting for
traffic on that port.

On Windows
/c:\netstat -an |find /i "listening"/

Why download when you can use existing tools...



Ever heard of rootkits?

And I also think that even if port so and so is listed as belonging to
this and that innocent application is fairly irrelevant. I know for
sure if I wrote a virus/worm (if that's what it is) like this I'd pick
ports that would blend in. From what I understand a large anomaly is
what made Jim do some digging, statistics is a wonderful thing, and
I'm pretty certain that statistic anomalies like this is not
coincidental. The anomaly itself need not be caused by any party that
means harm. But the other signs (though vague) of foul play indicates,
imho, that it might well be.

-- 
Yours Sincerely
Stian Øvrevåge
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: