Re: [fw-wiz] OT? New compromise.
- From: "Richard Golodner" <rgolodner@xxxxxxxxxxxxxxxx>
- Date: Wed, 28 Mar 2007 18:37:35 -0400
Whatever I/P stack you are using, I would start pumping some MSN I/M
packets around on my small subnet for this kind of thing. Mirroring a port
will give you the data and you can analyze with your favorite sniffer. See
what happens as the needed ports come alive and then timeout. It might give
you a better picture.
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of J.
Sent: Wednesday, March 28, 2007 2:25 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] OT? New compromise.
St John, Richard wrote:
Once you determine there might be an issue, I think there used to be a
program called openports which would run on the machine and relate any
LISTENING or ESTABLISHED ports to the actual file that has the port
open. This would then give you the service/process/program waiting for
traffic on that port.
/c:\netstat -an |find /i "listening"/
Why download when you can use existing tools...
#lsof|grep -i listen
#netstat -l|grep "*"
#netstat -a|grep -i listen (for Solaris ... at least 5.10)
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
firewall-wizards mailing list