Penetration Testing mailing list archives

RE: Scanning for trojans


From: "Discussion Lists" <discussions () lagraphico com>
Date: Mon, 28 Apr 2003 15:05:49 -0700

Thanks, but in my case I don't have local access to the machine, so it
would be helpful to find a way to identify it remotely.  I am beginning
to wonder if such an animal actually exists.

Thanks

-----Original Message-----
From: Eric [mailto:ews () tellurian net] 
Sent: Monday, April 28, 2003 2:26 PM
To: Discussion Lists; pen-test () securityfocus com
Subject: Re: Scanning for trojans


Map the open port back to the executable that launched it.

...Microsoft specific advice...
If on Win2K, use fport from Foundstone.  If XP, try fport, or do
netstat -on and map the PID back to the executable.

At 10:19 AM 4/27/2003 -0700, Discussion Lists wrote:
Hi all,
I have discovered what I believe is a trojan on a port that is a
non-standard port for that particular trojan, but I want to narrow down
the possibilities of what it could be.  Can anyone suggest a trojan
scanner that can detect a trojan by simply scanning for open ports, and
connecting?

Thanks
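The port-to-PID-to-image mapping Eric describes (netstat -o, available on XP and later but not Win2K, which is why fport is needed there), written out as an added example that is not part of the thread. It joins the output of `netstat -ano` with `tasklist /FO CSV /NH` and flags listeners owned by an image outside an assumed allowlist; the command output and the image name `updater.exe` are constructed for the example.

```python
"""Join `netstat -ano` listeners to process images from `tasklist /FO CSV /NH`.
Both samples below are constructed for this example; on a real host replace
them with the captured command output."""
import csv
import io
from typing import Dict, List, Tuple

# Constructed `netstat -ano` output (XP/2003 layout; UDP lines carry no state).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8192           0.0.0.0:0              LISTENING       1640
  TCP    192.0.2.10:3389        198.51.100.7:51022     ESTABLISHED     1188
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed `tasklist /FO CSV /NH` output (Image Name, PID, Session, ..., Mem).
TASKLIST_SAMPLE = """\
"System","4","Console","0","216 K"
"svchost.exe","812","Console","0","4,120 K"
"svchost.exe","1188","Console","0","9,880 K"
"updater.exe","1640","Console","0","1,944 K"
"""

# Images a defender expects to own well-known Windows listeners (assumption).
EXPECTED_IMAGES = {"System", "svchost.exe", "lsass.exe", "services.exe"}

def parse_netstat(text: str) -> List[Tuple[str, int, int]]:
    """Return (proto, local_port, pid) for every listening socket."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if fields[0] == "TCP" and (len(fields) != 5 or fields[3] != "LISTENING"):
            continue  # ESTABLISHED, TIME_WAIT etc. are not listeners
        port = int(fields[1].rsplit(":", 1)[1])  # rsplit also handles [::]:135
        listeners.append((fields[0], port, int(fields[-1])))
    return listeners

def parse_tasklist(text: str) -> Dict[int, str]:
    """Map PID -> image name; csv handles the quoted "4,120 K" memory column."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}

def suspicious_listeners(netstat_text: str, tasklist_text: str,
                         expected=EXPECTED_IMAGES) -> List[Tuple[str, int, int, str]]:
    """Return (proto, port, pid, image) for listeners not owned by an expected image."""
    images = parse_tasklist(tasklist_text)
    return [(proto, port, pid, images.get(pid, "<no such PID>"))
            for proto, port, pid in parse_netstat(netstat_text)
            if images.get(pid, "<no such PID>") not in expected]

if __name__ == "__main__":
    for proto, port, pid, image in suspicious_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print("%s/%d  PID %d -> %s" % (proto, port, pid, image))
```

On a live host the image name is only a starting point: confirm the full path with fport (or Process Explorer) before deciding what the listener is.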






