Re: Ports->Process on Win NT/2k

From: baba ali (cavallycom@hotmail.com)
Date: 09/26/02


Date: 26 Sep 2002 13:59:08 -0000
From: baba ali <cavallycom@hotmail.com>
To: security-basics@securityfocus.com


In-Reply-To: <3D9156A1.FF58C18B@pobox.com>

Hello

I am reading a paper from security online related to detecting and
removing malicious code on Win2k. There is a reference to some tools that may
be the answer to your question. The article in question is from H
Carvey, "Detecting and removing Trojans and malicious code from Win2", and
you can find the tools on www.sysinternals.com
Hope that helps.

  
>Message-ID: <3D9156A1.FF58C18B@pobox.com>
>Date: Wed, 25 Sep 2002 11:54:33 +0530
>From: R Pradeep Chandran <rpc@pobox.com>
>Organization: Siemens Information Systems Ltd.
>To: security-basics@securityfocus.com
>Subject: Ports->Process on Win NT/2k
>
>Hi All,
> Is there any utility which provides information on the owner(?)
>of a socket on Win NT/2k? What I want, is to find out which process has
>opened a socket on the machine. For example, if netstat shows that a
>process is listening on port 80, I should be able to use this utility
>and find out what that process is.
>Have a nice day,
>Pradeep
>--
>Keep me away from the wisdom which does not cry, the philosophy which
>does not laugh and the greatness which does not bow before children.
> -Kahlil Gibran, mystic, poet and artist (1883-1931)
>R Pradeep Chandran
>
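
Added example, not part of the original thread: on current Windows versions the port-to-process lookup asked about above can be done with built-in PowerShell cmdlets. `Get-ListeningPortOwner` is a hypothetical helper name, and the cmdlets it uses need Windows 8 / Server 2012 or later, so it does not run on NT/2k itself.

```powershell
# Added example: map listening TCP ports to the processes that own them.
# Assumes the NetTCPIP module (Windows 8 / Server 2012 or later).
function Get-ListeningPortOwner {
    param([int[]]$Port)   # optional filter, e.g. -Port 80,443

    # Index all processes by PID once, so each socket lookup is a hash hit.
    $procs = @{}
    Get-CimInstance Win32_Process |
        ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

    $listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue
    if ($Port) {
        $listeners = $listeners | Where-Object { $Port -contains $_.LocalPort }
    }

    foreach ($l in $listeners) {
        # The process may have exited between the two snapshots.
        $p = $procs[[int]$l.OwningProcess]
        [pscustomobject]@{
            LocalAddress = $l.LocalAddress
            LocalPort    = $l.LocalPort
            PID          = $l.OwningProcess
            Name         = if ($p) { $p.Name } else { '<process not found>' }
            # Path and CommandLine can be empty for protected processes
            # when the session is not elevated.
            Path         = if ($p) { $p.ExecutablePath } else { $null }
            CommandLine  = if ($p) { $p.CommandLine } else { $null }
        }
    }
}

# Which process is listening on port 80?
Get-ListeningPortOwner -Port 80 | Format-List

# Full inventory of listeners, for comparison against an expected baseline.
Get-ListeningPortOwner | Sort-Object LocalPort |
    Format-Table LocalPort, PID, Name, Path -AutoSize
```

A listener on port 80 that reports PID 4 (System) belongs to the kernel HTTP driver (http.sys) rather than to a user-mode server process.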


