From: Marcus Merrin (marcus.merrin@emptyair.com)
Date: Wed Nov 26 2003 - 11:22:04 EST
It seems to me that if your machine was compromised, netstat or whatever
would be unlikely to be reliable. I would expect it to be the first
program a root-kit would replace. e.g. a machine that has been "Back
Orificed" will not report the fact that port 31337 is open and ready for
business. You have to probe from outside the machine. For those with a
single machine on a home broadband, one of these on-line tools might be
the only resource available to them if they don't have a friendly geek
to nmap their box. Though I personally wouldn't use an on-line service,
I think it highly unlikely that a cracker would set up a site to solicit
potential victims when there are much easier and less obvious methods
for seeking potential worthwhile prey.
Marcus
>Rogie AkHeim wrote:
>
>I agree that there is no substitute for understanding what processes own TCP and UDP endpoints. For most users, a drop to DOS and interpreting the results of netstat’s output is not such a simple task. (use TCPView for this)
>
>
>
--
Marcus Merrin PhD.
EmptyAir Consulting
Linux/Unix-platform database and custom server technology
marcus.merrin@emptyair.com | http://emptyair.com
(902)225-5188 (Mobile) | (902)455-2284 (Office)
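
The cross-check described in this message, as an added example that is not part of the original post: compare the listeners the host's own netstat reports with the ports an outside scan finds open, and flag anything visible only from outside. The sample netstat output, the nmap grepable (-oG) line, the addresses and the function names are all constructed for illustration.

```python
import re

# Constructed sample: `netstat -an` output as reported by the suspect host itself.
LOCAL_NETSTAT = """\
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
TCP    192.0.2.10:1042        198.51.100.7:80        ESTABLISHED
"""

# Constructed sample: nmap grepable (-oG) output from a scan run on another machine.
EXTERNAL_SCAN = (
    "Host: 192.0.2.10 ()\tPorts: 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///, "
    "31337/open/tcp//Elite///\n"
)

def local_listeners(netstat_text):
    """TCP ports the host itself admits to listening on (Windows or Linux layout)."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or not f[0].lower().startswith("tcp"):
            continue
        if f[-1].upper().startswith("LISTEN"):
            # Local address is third from the end in both layouts; port follows last ':'.
            ports.add(int(f[-3].rsplit(":", 1)[1]))
    return ports

def external_open(grepable_text):
    """TCP ports an outside scanner found open; filtered/closed entries are ignored."""
    return {int(p) for p in re.findall(r"(\d+)/open/tcp/", grepable_text)}

def hidden_listeners(netstat_text, grepable_text):
    """Ports reachable from outside that the host's own netstat does not report."""
    return sorted(external_open(grepable_text) - local_listeners(netstat_text))

if __name__ == "__main__":
    for port in hidden_listeners(LOCAL_NETSTAT, EXTERNAL_SCAN):
        print(f"port {port}/tcp is open from outside but missing from local netstat")
```

The reverse difference (ports listed locally but not seen from outside) is normally just firewall filtering; only the externally open, locally unreported set points at tampered tools.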
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:42 EDT