RE: Trojan? DDOS Bot?

From: David LeBlanc (dleblancat_private)
Date: Thu Aug 29 2002 - 20:05:19 PDT


    If you're running XP or .NET Server, netstat -o will list the process
    IDs, so you won't need fport. You would of course have to edit the Perl
    script to work with the changes.
    
    -----Original Message-----
    From: YAO,TONY (HP-NewZealand,ex1) [mailto:tony_yaoat_private] 
    Sent: Tuesday, August 27, 2002 4:21 PM
    To: 'Janusat_private'; incidentsat_private
    Subject: RE: Trojan? DDOS Bot?
    
    
    Hi Janus,
    
    There's an excellent tool I've been using for a while, actually a set of
    tools. 
    
    Download Procdmp.pl from http://patriot.net/~carvdawg/perl.html. It also
    has an EXE version, PD.EXE, that runs on Windows.
    
    To use this tool, you need to have output from the Pslist.exe, handle.exe,
    fport.exe, listdlls.exe and netstat.exe tools. You can get them from
    http://www.foundstone.com/ or http://www.sysinternals.com/. Netstat.exe
    is a native Windows tool.
    
    [snip]
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
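
Added example, not part of the original thread and not taken from Procdmp.pl: a sketch of the port-to-process correlation that `netstat -o` makes possible without fport. The netstat text (in the `-ano` form, so addresses and ports are numeric), the process table and all names in it are constructed sample data.

```python
# Constructed sample of Windows `netstat -ano` output (not from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1432
  TCP    192.0.2.10:1045        203.0.113.7:5000       ESTABLISHED     1432
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID -> image name map, standing in for a process listing.
PROCESSES = {4: "System", 884: "svchost.exe", 1432: "msupd32.exe"}


def parse_netstat(text):
    """Return one dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID is always the last field.
        if not fields[-1].isdigit():
            continue  # no PID column: netstat was run without -o
        state = fields[3] if fields[0] == "TCP" and len(fields) == 5 else ""
        host, _, port = fields[1].rpartition(":")  # copes with [::]:135
        rows.append({"proto": fields[0], "local": host,
                     "port": int(port) if port.isdigit() else port,
                     "remote": fields[2], "state": state,
                     "pid": int(fields[-1])})
    return rows


def sockets_by_process(rows, processes):
    """Group sockets under (pid, image name), the view fport used to give."""
    owners = {}
    for r in rows:
        name = processes.get(r["pid"], "<pid not in process list>")
        owners.setdefault((r["pid"], name), []).append(r)
    return owners


if __name__ == "__main__":
    grouped = sockets_by_process(parse_netstat(NETSTAT_SAMPLE), PROCESSES)
    for (pid, name), socks in sorted(grouped.items()):
        for s in socks:
            print(pid, name, s["proto"], f"{s['local']}:{s['port']}",
                  "->", s["remote"], s["state"])
```

A PID that owns a socket but is missing from the process listing is reported as `<pid not in process list>`, which is worth a closer look during incident handling.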
    



    This archive was generated by hypermail 2b30 : Fri Aug 30 2002 - 13:36:47 PDT