Security Incidents mailing list archives

Re: Spamming, 'hidden' mail server


From: Jérôme Tytgat <jerome.tytgat () asterion fr>
Date: Fri, 10 Oct 2003 17:02:11 +0200

When it comes to forensics on Wxx, I'm always using tools
from sysinternals.

- procexpl (Process Explorer) to find out what processes/DLLs are really running and the dependencies
- TCPView to find which process is listening on which port
- TDIMon is really useful as it tracks down the processes talking to the network and lists
what they are doing.

There are some other tools that I find convenient too...

In fact I've downloaded all of them in a directory.

You don't need to install anything; they are self-running tools.

Jerome.

--
=================================
> Jérôme Tytgat
Administrateur Réseau et Sécurité
=== jerome.tytgat () asterion fr ===
=================================
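The check that TCPView and Process Explorer perform interactively, mapping each listening TCP port to its owning process, executable path, command line and parent, can also be scripted. The following is an added example, not code from the post or from Sysinternals; it assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), an elevated session for full path visibility, and uses a constructed list of SMTP ports to illustrate flagging an unexpected mail listener.

```powershell
# Added example (not from the original post): correlate listening TCP ports with the
# owning process, roughly what TCPView / Process Explorer show in their GUIs.
# Assumed: Windows 8 / Server 2012+ and an elevated PowerShell session.

# Constructed for this example: common SMTP ports; a rogue relay may bind elsewhere,
# so the full listener table is printed as well.
$portsOfInterest = @(25, 465, 587)

function Get-ListenerReport {
    param(
        [int[]]$FlagPorts = @()
    )

    # Index process metadata by PID once so each listener lookup is O(1).
    $procInfo = @{}
    Get-CimInstance Win32_Process | ForEach-Object {
        $procInfo[[int]$_.ProcessId] = $_
    }

    Get-NetTCPConnection -State Listen | ForEach-Object {
        $ci = $procInfo[[int]$_.OwningProcess]
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            PID          = $_.OwningProcess
            Name         = if ($ci) { $ci.Name } else { '<unknown>' }
            Path         = if ($ci) { $ci.ExecutablePath } else { $null }
            CommandLine  = if ($ci) { $ci.CommandLine } else { $null }
            ParentPID    = if ($ci) { $ci.ParentProcessId } else { $null }
            Flagged      = ($FlagPorts -contains [int]$_.LocalPort)
        }
    }
}

# Loaded modules for one PID, the "DLL view" of Process Explorer, useful when the
# listener is a legitimate host process carrying an unexpected library.
function Get-ProcessModules {
    param([int]$ProcessId)
    (Get-Process -Id $ProcessId -ErrorAction Stop).Modules |
        Select-Object ModuleName, FileName
}

$report = Get-ListenerReport -FlagPorts $portsOfInterest
$report | Sort-Object LocalPort | Format-Table -AutoSize

# Listeners on SMTP ports deserve a closer look: a binary outside the expected
# location, a parent such as a browser or Office application, or a path under a
# user-writable directory is the kind of thing the post's tools would surface.
$report | Where-Object Flagged | ForEach-Object {
    "Port $($_.LocalPort) served by PID $($_.PID) ($($_.Name)) from '$($_.Path)', parent PID $($_.ParentPID)"
    Get-ProcessModules -ProcessId $_.PID | Format-Table -AutoSize
}
```

The report is built from Win32_Process rather than Get-Process because it carries the command line and parent PID, which is what makes an odd listener stand out; run it as administrator, since path and module information for processes owned by other users is otherwise blank.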


