J. Oquendo wrote:
[Pine doesn't like the encoding, so I'm replying from this account]
> Stian Øvrevåge wrote:
>
>>> On Windows
>>> /c:\netstat -an |find /i "listening"/
>>>
>>> Why download when you can use existing tools...
>>>
>>
>> Ever heard of rootkits?
>>
> No, I haven't. Can I buy this somewhere? I don't use Windows but if I
Come on, the point was very valid. I wish more admins would consider it;
when things go from incident to investigation, it's important.
>
> Sysinternals (before MS rolled over them) had some neat tools, one
> of which provided the admin with the name of the program running
> that had said ports opened along with the DLL file information, etc.
> I'm sure older Forensics disks (F.I.R.E, Snarl) etc., have the tool
> on them.
>
Sysinternals *still* has some neat tools, and (yep, mark it on your
calendars, I'm saying it) Microsoft rolling over them has actually
improved things somewhat. Instead of multiple versions, you now tend to
get just one binary that'll run on all the platforms. They're still
redirecting the URL too.
Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards. Editor, Network Firewall FAQ
New blog: http://www.fluiditgroup.com/blog/pdr/
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards