Re: OT? New compromise.

["Richard Golodner" <rgolodner () infratection com>]

    Whatever I/P stack you are using, I would start pumping some MSN I/M
packets around on my small subnet for this kind of thing. Mirroring a port
will give you the data and you can analyze with your favorite sniffer. See
what happens as the needed ports come alive and then timeout. It might give
you a better picture. 
Richard

-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com
[mailto:firewall-wizards-bounces () listserv cybertrust com] On Behalf Of J.
Oquendo
Sent: Wednesday, March 28, 2007 2:25 PM
To: Firewall Wizards Security Mailing List
Cc: firewall-wizards () listserv cybertrust com
Subject: Re: [fw-wiz] OT? New compromise.

St John, Richard wrote:
> Once you determine there might be an issue, I think there used to be a
> program called openports which would run on the machine and relate any
> LISTENING or ESTABLISHED ports to the actual file that has the port
> open. This would then give you the service/process/program waiting for
> traffic on that port.
On Windows
/c:\netstat -an |find /i "listening"/

Why download when you can use existing tools...


Others...
#lsof|grep -i listen
#netstat -l|grep "*"
#netstat -a|grep -i listen (for Solaris ... at least 5.10)


-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards