Re: [fw-wiz] OT? New compromise.

---

• From: "Richard Golodner" <rgolodner@xxxxxxxxxxxxxxxx>
• Date: Wed, 28 Mar 2007 18:37:35 -0400

---

Whatever I/P stack you are using, I would start pumping some MSN I/M
packets around on my small subnet for this kind of thing. Mirroring a port
will give you the data and you can analyze with your favorite sniffer. See
what happens as the needed ports come alive and then timeout. It might give
you a better picture.
Richard

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of J.
Oquendo
Sent: Wednesday, March 28, 2007 2:25 PM
To: Firewall Wizards Security Mailing List
Cc: firewall-wizards@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [fw-wiz] OT? New compromise.

St John, Richard wrote:

Once you determine there might be an issue, I think there used to be a
program called openports which would run on the machine and relate any
LISTENING or ESTABLISHED ports to the actual file that has the port
open. This would then give you the service/process/program waiting for
traffic on that port.

On Windows
/c:\netstat -an |find /i "listening"/

Why download when you can use existing tools...


Others...
#lsof|grep -i listen
#netstat -l|grep "*"
#netstat -a|grep -i listen (for Solaris ... at least 5.10)


--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

---

• References:
  • Re: [fw-wiz] OT? New compromise.
    • From: St John, Richard
  • Re: [fw-wiz] OT? New compromise.
    • From: J. Oquendo

• Prev by Date: Re: [fw-wiz] FW: OT? New compromise.
• Next by Date: Re: [fw-wiz] OT? New compromise.
• Previous by thread: Re: [fw-wiz] OT? New compromise.
• Next by thread: Re: [fw-wiz] OT? New compromise.
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Best Plan of action for 2 forest....... ... PortQry reports the status of a port in one of the following ways: ... ..LISTENING This response indicates that a process is listening on the target ... (microsoft.public.windows.server.active_directory) Re: RealVNC ... If we are talking about RealVNC it goes this way ... Then there is default Java listening port on port 5800 on the client machine ... (microsoft.public.windows.server.sbs) Re: Cant join a domain ... Attempting to resolve name to IP address... ... TCP port 42: NOT LISTENING ... (microsoft.public.windows.server.active_directory) Re: Cant join a domain ... Attempting to resolve name to IP address... ... TCP port 42: NOT LISTENING ... (microsoft.public.windows.server.active_directory) Re: Cant connect to port 25 from another system ... The default sendmail config in RH/Fedora has been to only listen on the ... I previously edited the sendmail.mc file to be sure it is listening on ... Both netstat and nmap confirm that the system *is* listening on port ... When I attempt to telnet to port 25 the connection fails. ... (Fedora)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2007-03