Re: Can anyone identify this possible backdoor?
From: Harlan Carvey (keydet89_at_yahoo.com)
Date: 08/27/03
- Previous message: Schmehl, Paul L: "RE: Increasing ICMP Echo Requests"
- In reply to: Angelz: "Re: Can anyone identify this possible backdoor?"
- Next in thread: Daniel Bartlett: "Re: Can anyone identify this possible backdoor?"
- Reply: Daniel Bartlett: "Re: Can anyone identify this possible backdoor?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Aug 2003 13:18:47 -0700 (PDT)
To: incidents@securityfocus.com
> > 6) Again, I don't have physical access, so a standard forensic
> > investigation is unlikely. Thus my asking.
>
> Do you have any access at all? If so, run FPortNG from
> http://www.securityfocus.com/data/tools/FPortNG.zip
> to identify what's listening on that port.
Physical access isn't necessary to run fport, or
perhaps more preferably, openports from DiamondCS.
You can use psexec.exe from SysInternals to run the
tools remotely, if you can get an admin connection to the
box.
Harlan
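
Added example, not part of the original message or of any tool named in it: once a port mapper's output has been captured from the remote host, a short script can answer the thread's question of which process owns a given port and which listeners fall outside a baseline. The sample text is constructed, its column layout (Pid, Process, ->, Port, Proto, Path) is an assumption about fport's output, and `parse_listeners`, `owners_of`, `unexpected` and the baseline set are hypothetical names.

```python
import re

# Constructed sample. The column layout (Pid, Process, "->", Port, Proto, Path)
# is an assumption about what fport prints; adjust ROW if the real output differs.
SAMPLE = r"""
Pid   Process            Port  Proto Path
420   svchost        ->  135   TCP   C:\WINNT\system32\svchost.exe
8     System         ->  445   TCP
1296  example        ->  5555  TCP   C:\WINNT\Temp\example.exe
8     System         ->  137   UDP
"""

ROW = re.compile(
    r"^\s*(?P<pid>\d+)\s+(?P<name>\S+)\s+->\s+(?P<port>\d+)\s+"
    r"(?P<proto>TCP|UDP)\s*(?P<path>.*)$"
)

def parse_listeners(text):
    """Return one dict per port-to-process row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["pid"], row["port"] = int(row["pid"]), int(row["port"])
            row["path"] = row["path"].strip()  # empty when no image path is listed
            rows.append(row)
    return rows

def owners_of(text, port, proto="TCP"):
    """Rows for processes bound to the given port and protocol."""
    return [r for r in parse_listeners(text)
            if r["port"] == port and r["proto"] == proto]

def unexpected(text, expected):
    """Rows whose (proto, port) pair is missing from the expected-listener baseline."""
    return [r for r in parse_listeners(text)
            if (r["proto"], r["port"]) not in expected]

if __name__ == "__main__":
    baseline = {("TCP", 135), ("TCP", 445), ("UDP", 137)}  # hypothetical baseline
    for r in unexpected(SAMPLE, baseline):
        print(f'{r["proto"]}/{r["port"]} pid={r["pid"]} '
              f'{r["name"]} {r["path"] or "(no path listed)"}')
```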