RE: Trojan? DDOS Bot?

From: David LeBlanc (dleblancat_private)
Date: Thu Aug 29 2002 - 20:05:19 PDT

  • Next message: zcatat_private: "RE: [incidents] Bots hitting my web server?"

    If you're running XP or .NET Server, netstat -o will list the process
    IDs, so you won't need fport. You would of course have to edit the perl
    script to work with the changes.
    -----Original Message-----
    From: YAO,TONY (HP-NewZealand,ex1) [mailto:tony_yaoat_private] 
    Sent: Tuesday, August 27, 2002 4:21 PM
    To: 'Janusat_private'; incidentsat_private
    Subject: RE: Trojan? DDOS Bot?
    Hi Janus,
    There's an excellent tool I've been using for a while, actually set of
    Download from It also
    has a EXE version PD.EXE running on Windows.
    To use this tool, you need to have output from Pslist.exe, handle.exe,
    fport.exe, listdlls.exe and netstat.exe tool. You can get them from or Netstat.exe
    is native Windows tool.
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Fri Aug 30 2002 - 13:36:47 PDT