RE: Trojan? DDOS Bot?
From: David LeBlanc (dleblanc@microsoft.com)
Date: 08/30/02
- Previous message: Marco A. Zamora Cunningham: "RE: [incidents] Bots hitting my web server?"
- Maybe in reply to: Janus@etoast.com: "Trojan? DDOS Bot?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Aug 2002 20:05:19 -0700
From: "David LeBlanc" <dleblanc@microsoft.com>
To: "YAO,TONY (HP-NewZealand,ex1)" <tony_yao@hp.com>, <Janus@etoast.com>, <incidents@securityfocus.com>
If you're running XP or .NET Server, netstat -o will list the process
IDs, so you won't need fport. You would of course have to edit the perl
script to work with the changes.
-----Original Message-----
From: YAO,TONY (HP-NewZealand,ex1) [mailto:tony_yao@hp.com]
Sent: Tuesday, August 27, 2002 4:21 PM
To: 'Janus@etoast.com'; incidents@securityfocus.com
Subject: RE: Trojan? DDOS Bot?
Hi Janus,
There's an excellent tool I've been using for a while, actually a set of
tools.
Download Procdmp.pl from http://patriot.net/~carvdawg/perl.html. It also
has an EXE version, PD.EXE, running on Windows.
To use this tool, you need to have output from the Pslist.exe, handle.exe,
fport.exe, listdlls.exe and netstat.exe tools. You can get them from
http://www.foundstone.com/ or http://www.sysinternals.com/. Netstat.exe
is a native Windows tool.
[snip]
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
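The port-to-process correlation discussed in this thread, using only the PID column that `netstat -ano` prints, as an added example that is not part of the original messages and is not the Procdmp.pl script. The netstat sample, the addresses and the process names (including `msupd32.exe`) are constructed for illustration, and the PID-to-name map is assumed to come from pslist or a similar process listing.

```python
# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       1432
  TCP    192.0.2.10:1043        198.51.100.7:6667      ESTABLISHED     1432
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID -> image name map; the names are hypothetical.
PROCESSES = {4: "System", 884: "svchost.exe", 1432: "msupd32.exe"}


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        if not fields[-1].isdigit():
            continue  # no PID column: output was produced without -o
        proto, local, remote = fields[0], fields[1], fields[2]
        # UDP rows have no State column, so only 5-field TCP rows carry one.
        state = fields[3] if proto == "TCP" and len(fields) == 5 else ""
        addr, _, port = local.rpartition(":")  # rpartition also copes with [::]:135
        rows.append({"proto": proto, "local_addr": addr, "local_port": int(port),
                     "remote": remote, "state": state, "pid": int(fields[-1])})
    return rows


def listeners_by_process(rows, processes):
    """Group listening TCP ports and bound UDP ports by owning process."""
    result = {}
    for r in rows:
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue
        name = processes.get(r["pid"], "<unknown>")
        port = f'{r["proto"]}/{r["local_port"]}'
        result.setdefault((r["pid"], name), []).append(port)
    return result


if __name__ == "__main__":
    report = listeners_by_process(parse_netstat(NETSTAT_SAMPLE), PROCESSES)
    for (pid, name), ports in sorted(report.items()):
        print(f"{pid:>6}  {name:<14} {', '.join(ports)}")
```

A PID that owns a listener but is missing from the process map is reported as `<unknown>`, which is worth a closer look on a host under investigation.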