Security Incidents: Re: maybe a simple problem

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: maybe a simple problem

From: "Igor D. Spivak" <urbanachiever () attbi com>
Date: Wed, 2 Oct 2002 12:49:32 -0700

the way to track that is not trough netstat (is too dependent on chance),
but rather through a process/loaded dll list from an infected machine, being
compared to a similar list on a known good machine and all non-matching
entries researched.

now then http://www.sysinternals.com/win9x/98utilities.shtml this should
help you.
also, what does the telescope look like (just curious).


regards,


IDS


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

Re: Unusual volume: UDP:137 probes, (continued)
- RE: Unusual volume: UDP:137 probes Scott, Michael R. (Oct 01)
- Re: Unusual volume: UDP:137 probes Axel Pettinger (Oct 01)
  - Re: Unusual volume: UDP:137 probes James Sneeringer (Oct 01)
    - maybe a simple problem Andrew Fison (Oct 02)
    - Re: maybe a simple problem Igor D. Spivak (Oct 02)
    - RE: maybe a simple problem Greg Reber (Oct 03)
    - Re: maybe a simple problem Brad Arlt (Oct 03)
- RE: Unusual volume: UDP:137 probes Scott, Michael R. (Oct 01)
  - Re: Unusual volume: UDP:137 probes John Sage (Oct 01)
- Re: Unusual volume: UDP:137 probes Maxime Ducharme (Oct 01)