Re: break in?

From: Jean-Baptiste Marchand (jbm.lists+securityfocus-ms_at_gmail.com)
Date: 11/16/05

  • Next message: enine: "Re: More... On the topic of Windows Hardening, MS05-018?" 
    Date: Wed, 16 Nov 2005 17:30:39 +0100
To: focus-ms@securityfocus.com

    * Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> [16/11/05 - 09:36]:

    > On 2005-11-15 Harlan Carvey wrote:
    > >> 3. Have you run netstat to see what's trying to connect to the ftp
    > >> and web sites? I'd recommend netstat -b -v so you can see the
    > >> executables that spawned the processes making the connections.
    > >
    > > I wasn't aware that the -b switch worked on Win2K...I thought that it
    > > was only XP that the switch worked on.
    >
    > XP with SP2 installed. It doesn't work on any prior version, not even XP
    > RTM or SP1.

    By the way, the -b option is also supported in Windows Server 2003 SP1
    and is different from the one in Windows XP SP2, it would be great if
    Microsoft backported the changes to XP:

            http://www.hsc.fr/ressources/breves/min_w2k3_net_srv.html.en

    (section 5, Windows Server 2003 SP1).

    As you can see, in Windows Server 2003 SP1, the -b option reports the
    the Windows service name inside shared processes instead of DLL
    backtrace as in XP SP2.

    To come back to the original topic, Microsoft recently released an
    update to add support for the netstat -o option in Windows 2000:

            http://support.microsoft.com/?id=907980

    However, the update is not publicly available.

    Also, because you don't have tasklist.exe on a default Windows 2000
    system, you will probably continue to use TcpView, to obtain directly
    the information:

            http://www.sysinternals.com/Utilities/TcpView.html

    Jean-Baptiste Marchand

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: enine: "Re: More... On the topic of Windows Hardening, MS05-018?"

    Relevant Pages

    • Re: Windows Startup Taking a Long Time
      ... It may help speed up your system, but it should be clean ... using Windows XP "prettifications". ... As for Service Pack 2 (SP2) for Windows XP, ... You should at least turn on the built in firewall. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Slow startup and shutdown
      ... > applications that have always been present, ... The problem began before loading SP2 and hasn't changed. ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
      (microsoft.public.windowsxp.perform_maintain)
    • Re: question about clean install after SP2
      ... > After SP2 install my IE was seriously defective. ... You should periodically defragment your hard drives as well as check them ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Browser Adverts????????
      ... With everything in this list and SP2.. ... It contains advice ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Frequent Hourglass in Explorer
      ... I think this did start happening when I upgraded to SP2. ... frequently check Windows Update, etc., but haven't upgraded back to SP2 yet, ... >>Many times lately, when I try to do some function in Windows Explorer, ... > to what you are reporting. ...
      (microsoft.public.windowsxp.general)