Security Incidents mailing list archives
Re: Strange ports open
From: George Bakos <alpinista () BIGFOOT COM>
Date: Wed, 18 Oct 2000 08:09:57 -0400
Sorry to hear that. Nice high UDP ports listening interactively. I'm sure there is no need to overstate the obvious trojan customization possibility. One trick I use is to listen with Sysinternals' tdimon while I connect to the box in question. Unfortunately, this does nothing for you remotely, and is only effective if the process makes use of the transport driver interface, most do. On 17 Oct 00, at 8:56, Webmaster wrote:
I can't run lsof on a remote Windows machine. Paullsof -i :[port in question] should do the trick. lsof (list open files) can be had at ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ George Bakos alpinista () bigfoot com
Current thread:
- Strange ports open Webmaster (Oct 16)
- Re: Strange ports open George Bakos (Oct 17)
- Re: Strange ports open NunoTreez (Oct 19)
- <Possible follow-ups>
- Re: Strange ports open Robert G. Ferrell (Oct 19)
- Re: Strange ports open Jose Nazario (Oct 19)
- Re: Strange ports open George Bakos (Oct 19)
- Re: Strange ports open George Bakos (Oct 17)