Thanks, but in my case I don't have local access to the machine, so it would be helpful to find a way to identify it remotely. I am beginning if such an animal actually exists? Thanks > -----Original Message----- > From: Eric [mailto:ewsat_private] > Sent: Monday, April 28, 2003 2:26 PM > To: Discussion Lists; pen-testat_private > Subject: Re: Scanning for trojans > > > map the open port back to the executable that launched it. > > ...Microsoft specific advice... > If on Win2K, use fport from foundstone. If XP, try fport, or > do netstat > -on and map the PID back to the executable. > > At 10:19 AM 4/27/2003 -0700, Discussion Lists wrote: > >Hi all, > >I have discovered what I believe is a trojan on a port that is a > >non-standard port for that particular trojan, but I want to > narrow down > >the possibilities of what it could be. Can anyone suggest a trojan > >scanner that can detect a trojan by simply scanning for open > ports, and > >connecting? > > > >Thanks > > > >------------------------------------------------------------- > ---------- > >---- > >Attend Black Hat Briefings & Training Europe, May 12-15 in > Amsterdam, the > >world's premier event for IT and network security experts. > The two-day > >Training features 6 hand-on courses on May 12-13 taught by > professionals. > >The two-day Briefings on May 14-15 features 24 top speakers > with no vendor > >sales pitches. Deadline for the best rates is April 25. > Register today to > >ensure your place. http://www.securityfocus.com/BlackHat-pen-test > >------------------------------------------------------------- > --------------- > > > --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Apr 28 2003 - 15:52:11 PDT