Try fport from: http://www.foundstone.com/rdlabs/tools.php?category=Forensic or sysinternals' tdimon. Nice paper on using fport at: http://www.sans.org/infosecFAQ/sysadmin/fport.htm gb On 10 Jul 2001, at 15:00, Jacques Exelrud wrote: > I'm using ZoneAlarm on a machine. Starting some days ago the alert log > started to show a UDP connection from my machine to my machine (denied by > ZoneAlamr) > The UDP port is 10000. <-------snip-----------> > > Some of the are known but other are, at least, suspicious. > > Any sugestions on how to find who owns those ports ? ZoneAlarm does not > bother me with them so I suspect that who owns them is services.exe or other > Win200 program that have been allowed to act like a server. > > Thanks in advance, > Jacques ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 12 2001 - 11:20:21 PDT