> Danny took the typical action seen of most
> admins...port scanning the system from the outside,
> and comparing the open ports to lists of known trojans
> and services. This is inconclusive at best, and leads
> to a lot of speculation and time-wasting. Better to
> run fport on the system (if NT/2K...if the system is
> XP, run netstat w/ the '-o' switch) instead, to see
> the process to port mapping.

I took the only action I could, given I don't have physical access to the machine and still have not been able to contact the owner. We are currently just watching traffic to and from the box to see if we can see anything that may constitute a pattern that could be used to find other hosts on campus that have already been, or may in the future be, owned by similar tools.

Danny

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed May 29 2002 - 13:10:03 PDT