From: Discussion Lists (discussions@lagraphico.com)
Date: Tue Apr 29 2003 - 10:07:55 EDT
Thanks to all for your thoughtful responses! I could not find any
scanners out there, and I thought I would consult the experts. It
sounds like none of you know of anything out there that will do what I
need it to do, so looks like it is time to roll up the sleeves and write
something. The NASL plug-in was a good idea, so I think I will start
there. I don't think a new tool needs to be written at this point. To
all again, thank you.
> -----Original Message-----
> From: Discussion Lists
> Sent: Monday, April 28, 2003 3:06 PM
> To: Eric; pen-test@securityfocus.com
> Subject: RE: Scanning for trojans
>
>
> Thanks, but in my case I don't have local access to the
> machine, so it would be helpful to find a way to identify it
> remotely. I am beginning if such an animal actually exists?
>
> Thanks
>
> > -----Original Message-----
> > From: Eric [mailto:ews@tellurian.net]
> > Sent: Monday, April 28, 2003 2:26 PM
> > To: Discussion Lists; pen-test@securityfocus.com
> > Subject: Re: Scanning for trojans
> >
> >
> > map the open port back to the executable that launched it.
> >
> > ...Microsoft specific advice...
> > If on Win2K, use fport from foundstone. If XP, try fport, or
> > do netstat
> > -on and map the PID back to the executable.
> >
> > At 10:19 AM 4/27/2003 -0700, Discussion Lists wrote:
> > >Hi all,
> > >I have discovered what I believe is a trojan on a port that is a
> > >non-standard port for that particular trojan, but I want to
> > narrow down
> > >the possibilities of what it could be. Can anyone suggest a trojan
> > >scanner that can detect a trojan by simply scanning for open
> > ports, and
> > >connecting?
> > >
> > >Thanks
> > >
> > >-------------------------------------------------------------
> > ----------
> > >----
> > >Attend Black Hat Briefings & Training Europe, May 12-15 in
> > Amsterdam, the
> > >world's premier event for IT and network security experts.
> > The two-day
> > >Training features 6 hand-on courses on May 12-13 taught by
> > professionals.
> > >The two-day Briefings on May 14-15 features 24 top speakers
> > with no vendor
> > >sales pitches. Deadline for the best rates is April 25.
> > Register today to
> > >ensure your place. http://www.securityfocus.com/BlackHat-pen-test
> > >-------------------------------------------------------------
> > ---------------
> >
> >
> >
>
> --------------------------------------------------------------
> -------------
> Did you know that you have VNC running on your network?
> Your hacker does.
> Plug your security holes.
> Download a free 15-day trial of VAM:
> http://www.securityfocus.com/StillSecure-pen-> test
>
>
> --------------------------------------------------------------
> --------------
>
>
---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:32 EDT