Thanks to all for your thoughtful responses! I could not find any scanners out there, and I thought I would consult the experts. It sounds like none of you know of anything out there that will do what I need it to do, so looks like it is time to roll up the sleeves and write something. The NASL plug-in was a good idea, so I think I will start there. I don't think a new tool needs to be written at this point. To all again, thank you. > -----Original Message----- > From: Discussion Lists > Sent: Monday, April 28, 2003 3:06 PM > To: Eric; pen-testat_private > Subject: RE: Scanning for trojans > > > Thanks, but in my case I don't have local access to the > machine, so it would be helpful to find a way to identify it > remotely. I am beginning if such an animal actually exists? > > Thanks > > > -----Original Message----- > > From: Eric [mailto:ewsat_private] > > Sent: Monday, April 28, 2003 2:26 PM > > To: Discussion Lists; pen-testat_private > > Subject: Re: Scanning for trojans > > > > > > map the open port back to the executable that launched it. > > > > ...Microsoft specific advice... > > If on Win2K, use fport from foundstone. If XP, try fport, or > > do netstat > > -on and map the PID back to the executable. > > > > At 10:19 AM 4/27/2003 -0700, Discussion Lists wrote: > > >Hi all, > > >I have discovered what I believe is a trojan on a port that is a > > >non-standard port for that particular trojan, but I want to > > narrow down > > >the possibilities of what it could be. Can anyone suggest a trojan > > >scanner that can detect a trojan by simply scanning for open > > ports, and > > >connecting? > > > > > >Thanks > > > > > >------------------------------------------------------------- > > ---------- > > >---- > > >Attend Black Hat Briefings & Training Europe, May 12-15 in > > Amsterdam, the > > >world's premier event for IT and network security experts. > > The two-day > > >Training features 6 hand-on courses on May 12-13 taught by > > professionals. > > >The two-day Briefings on May 14-15 features 24 top speakers > > with no vendor > > >sales pitches. Deadline for the best rates is April 25. > > Register today to > > >ensure your place. http://www.securityfocus.com/BlackHat-pen-test > > >------------------------------------------------------------- > > --------------- > > > > > > > > -------------------------------------------------------------- > ------------- > Did you know that you have VNC running on your network? > Your hacker does. > Plug your security holes. > Download a free 15-day trial of VAM: > http://www.securityfocus.com/StillSecure-pen-> test > > > -------------------------------------------------------------- > -------------- > > --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Apr 29 2003 - 08:11:24 PDT