Re: An excellent online pen-test tool

From: Marcus Merrin (marcus.merrin_at_emptyair.com)
Date: 11/26/03

  • Next message: John Lampe: "Re: finding dyndns names for existing IP"
    Date: Wed, 26 Nov 2003 12:22:04 -0400
    To: pen-test@securityfocus.com
    
    
    

    It seems to me that if your machine was compromised, netstat or whatever
    would be unlikely to be reliable. I would expect it to be the first
    program a root-kit would replace. e.g. a machine that has been "Back
    Orificed" will not report the fact that port 31337 is open and ready for
    business. You have to probe from outside the machine. For those with a
    single machine on a home broadband, one of these on-line tools might be
    the only resource available to them if they don't have a friendly geek
    to nmap their box. Though I personally wouldn't use an on-line service,
    I think it highly unlikely that a cracker would set up a site to solicit
    potential victims when there are much easier and less obvious methods
    for seeking potential worthwhile prey.

    Marcus

    >Rogie AkHeim wrote:
    >
    >I agree that there is no substitute for understanding what processes own TCP and UDP endpoints. For most users, a drop to DOS and interpreting the results of netstat’s output is not such a simple task. (use TCPView for this)
    >
    >
    >

    -- 
    ////////////////////////////////////////////////////////////
    // Marcus Merrin PhD.
    // EmptyAir Consulting
    // Linux/Unix-platform database and custom server technology
    // marcus.merrin@emptyair.com |||||||| http://emptyair.com
    // (902)225-5188 (Mobile) |||||||||| (902)455-2284 (Office)
    /////////////////////////////////////////////////////////////
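
The message above argues that a compromised host's own netstat cannot be trusted and the box has to be probed from outside. As an added example (not part of the original post), this cross-view check diffs the ports a host reports as listening against the ports an external nmap scan finds open. The netstat and `nmap -oG` samples are constructed, and the function names are illustrative assumptions.

```python
import re

# Constructed sample: `netstat -an` as printed on the suspect host itself.
# A trojaned netstat leaves the backdoor listener out of this list.
LOCAL_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1042        198.51.100.7:80        ESTABLISHED
"""

# Constructed sample: nmap grepable (-oG) output taken from a second machine.
EXTERNAL_NMAP = (
    "Host: 192.0.2.10 ()\tPorts: 135/open/tcp//msrpc///, "
    "139/filtered/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, "
    "31337/open/tcp//Elite///\n"
)

# Matches Windows rows (proto, local, foreign, state) and Linux rows, which
# carry Recv-Q/Send-Q columns before the local address.
LISTEN_RE = re.compile(
    r"^[ \t]*tcp\S*[ \t]+(?:\d+[ \t]+\d+[ \t]+)?\S*:(\d+)[ \t]+\S+[ \t]+LISTEN", re.I | re.M)

def local_listeners(netstat_text):
    """TCP ports the host itself reports as listening."""
    return {int(port) for port in LISTEN_RE.findall(netstat_text)}

def external_open(nmap_grepable):
    """TCP ports an outside scan found open, from the -oG 'Ports:' field."""
    ports = set()
    for line in nmap_grepable.splitlines():
        if "Ports: " not in line:
            continue
        entries = line.split("Ports: ", 1)[1].split("\t")[0]
        for entry in entries.split(","):
            parts = entry.strip().split("/")   # port/state/proto/owner/service/...
            if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                ports.add(int(parts[0]))
    return ports

def hidden_ports(netstat_text, nmap_grepable):
    """Ports reachable from outside that the host's netstat does not admit to."""
    return sorted(external_open(nmap_grepable) - local_listeners(netstat_text))

if __name__ == "__main__":
    print("open externally, not reported locally:", hidden_ports(LOCAL_NETSTAT, EXTERNAL_NMAP))
```

A port in the result deserves investigation rather than an immediate verdict: a NAT router or other middlebox answering on the scanned address produces the same mismatch. Ports listed locally but not seen from outside are normally just firewalled.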
    
    


