Penetration Testing mailing list archives

Re: Scanning for trojans

From: Eric <ews () tellurian net>
Date: Mon, 28 Apr 2003 16:25:49 -0500

map the open port back to the executable that launched it.

...Microsoft specific advice...

If on Win2K, use fport from foundstone. If XP, try fport, or do netstat-on and map the PID back to the executable.


At 10:19 AM 4/27/2003 -0700, Discussion Lists wrote:

Hi all,
I have discovered what I believe is a trojan on a port that is a
non-standard port for that particular trojan, but I want to narrow down
the possibilities of what it could be.  Can anyone suggest a trojan
scanner that can detect a trojan by simply scanning for open ports, and
connecting?

Thanks

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts.  The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches.  Deadline for the best rates is April 25.  Register today to
ensure your place.  http://www.securityfocus.com/BlackHat-pen-test
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------

Current thread:

Scanning for trojans Discussion Lists (Apr 28)
- Re: Scanning for trojans cdowns (Apr 28)
- <Possible follow-ups>
- Re: Scanning for trojans Eric (Apr 28)
- RE: Scanning for trojans Discussion Lists (Apr 28)
  - RE: Scanning for trojans Rob Shein (Apr 29)
- RE: Scanning for trojans Discussion Lists (Apr 29)
- re: Scanning for Trojans anj (Apr 30)