If you're running XP or .NET Server, netstat -o will list the process IDs, so you won't need fport. You would of course have to edit the perl script to work with the changes. -----Original Message----- From: YAO,TONY (HP-NewZealand,ex1) [mailto:tony_yaoat_private] Sent: Tuesday, August 27, 2002 4:21 PM To: 'Janusat_private'; incidentsat_private Subject: RE: Trojan? DDOS Bot? Hi Janus, There's an excellent tool I've been using for a while, actually set of tools. Download Procdmp.pl from http://patriot.net/~carvdawg/perl.html. It also has a EXE version PD.EXE running on Windows. To use this tool, you need to have output from Pslist.exe, handle.exe, fport.exe, listdlls.exe and netstat.exe tool. You can get them from http://www.foundstone.com/ or http://www.sysinternals.com/. Netstat.exe is native Windows tool. [snip] ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 30 2002 - 13:36:47 PDT