Re: Scanning for trojans

From: Eric (ews_at_tellurian.net)
Date: 04/28/03

  • Next message: Discussion Lists: "RE: Scanning for trojans"
    Date: Mon, 28 Apr 2003 16:25:49 -0500
    To: "Discussion Lists" <discussions@lagraphico.com>, <pen-test@securityfocus.com>
    
    

    map the open port back to the executable that launched it.

    ...Microsoft specific advice...
    If on Win2K, use fport from foundstone. If XP, try fport, or do netstat
    -on and map the PID back to the executable.

    At 10:19 AM 4/27/2003 -0700, Discussion Lists wrote:
    >Hi all,
    >I have discovered what I believe is a trojan on a port that is a
    >non-standard port for that particular trojan, but I want to narrow down
    >the possibilities of what it could be. Can anyone suggest a trojan
    >scanner that can detect a trojan by simply scanning for open ports, and
    >connecting?
    >
    >Thanks
    >
    >---------------------------------------------------------------------------
    >Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
    >world's premier event for IT and network security experts. The two-day
    >Training features 6 hand-on courses on May 12-13 taught by professionals.
    >The two-day Briefings on May 14-15 features 24 top speakers with no vendor
    >sales pitches. Deadline for the best rates is April 25. Register today to
    >ensure your place. http://www.securityfocus.com/BlackHat-pen-test
    >----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Did you know that you have VNC running on your network?
    Your hacker does.
    Plug your security holes.
    Download a free 15-day trial of VAM:
    http://www.securityfocus.com/StillSecure-pen-test
    ----------------------------------------------------------------------------


  • Next message: Discussion Lists: "RE: Scanning for trojans"