Re: Can anyone identify this possible backdoor?

From: Daniel Bartlett (dan_at_lockedbox.net)
Date: 08/28/03

    To: incidents@securityfocus.com
    Date: Wed, 27 Aug 2003 23:27:16 +0100 (BST)
    
    

    You could also try amap from http://www.thc.org/releases.php
    It's quite good for fingerprinting open ports.
    Regards,
    Daniel.

    PS. I hope that this isn't a dupe post; I haven't noticed anyone suggest
    it.

    On 8/27/2003, "Harlan Carvey" <keydet89@yahoo.com> wrote:

    >
    >> > 6) Again, I don't have physical access, so a
    >> standard forensic
    >> > investigation is unlikely. Thus my asking.
    >>
    >> Do you have any access at all? If so, run FPortNG
    >> from
    >> http://www.securityfocus.com/data/tools/FPortNG.zip
    >> to identify what's listening on that port.
    >
    >Physical access isn't necessary to run fport, or
    >perhaps more preferably, openports from DiamondCS.
    >You can use psexec.exe from SysInternals to run the
    >tools remotely, if you can get an admin connection to the
    >box.
    >
    >Harlan