Security Incidents mailing list archives

Re: Strange ports open


From: George Bakos <alpinista () BIGFOOT COM>
Date: Wed, 18 Oct 2000 08:09:57 -0400

Sorry to hear that.  Nice high UDP ports listening interactively.  I'm
sure there is no need to overstate the obvious trojan customization
possibility.  One trick I use is to listen with Sysinternals' tdimon
while I connect to the box in question.  Unfortunately, this does
nothing for you remotely, and is only effective if the process makes
use of the transport driver interface; most do.

On 17 Oct 00, at 8:56, Webmaster wrote:

I can't run lsof on a remote Windows machine.

Paul

lsof -i :[port in question] should do the trick.  lsof (list open files)
can be had at ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Any sufficiently advanced technology
 is indistinguishable from magic.
 Arthur C. Clarke
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 George Bakos
 alpinista () bigfoot com

