Re: [fw-wiz] OT? New compromise.

Whatever I/P stack you are using, I would start pumping some MSN I/M
packets around on my small subnet for this kind of thing. Mirroring a port
will give you the data and you can analyze with your favorite sniffer. See
what happens as the needed ports come alive and then timeout. It might give
you a better picture.

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of J.
Sent: Wednesday, March 28, 2007 2:25 PM
To: Firewall Wizards Security Mailing List
Cc: firewall-wizards@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [fw-wiz] OT? New compromise.

St John, Richard wrote:

Once you determine there might be an issue, I think there used to be a
program called openports which would run on the machine and relate any
LISTENING or ESTABLISHED ports to the actual file that has the port
open. This would then give you the service/process/program waiting for
traffic on that port.
On Windows
/c:\netstat -an |find /i "listening"/

Why download when you can use existing tools...

#lsof|grep -i listen
#netstat -l|grep "*"
#netstat -a|grep -i listen (for Solaris ... at least 5.10)

J. Oquendo
sil . infiltrated @ net

The happiness of society is the end of government.
John Adams

firewall-wizards mailing list

Relevant Pages

  • Re: Best Plan of action for 2 forest.......
    ... PortQry reports the status of a port in one of the following ways: ... ..LISTENING This response indicates that a process is listening on the target ...
  • Re: RealVNC
    ... If we are talking about RealVNC it goes this way ... Then there is default Java listening port on port 5800 on the client machine ...
  • Re: RIP issue with HMC - security violation?
    ... using an UDP port, 520, which would normally imply that there was a Routing ... Information Protocol (RIP) process behind it capable of modifying the routing ... as a "listening" state for the application. ...
  • Re: Cant join a domain
    ... Attempting to resolve name to IP address... ... TCP port 42: NOT LISTENING ...
  • Re: Cant join a domain
    ... Attempting to resolve name to IP address... ... TCP port 42: NOT LISTENING ...