The NTRootKit is working on a drop-in netstat trojan that will hide these
types of things. Netstat is not always going to be reliable when used on
its own. You may want to start versioning and checksumming binaries now,
or have a clean disk that contains unaltered code (write protect it).
Details can be gathered at www.rootkit.com (the trojaned netstat is a very
small part of the overall project, and you may be interested in checking
out other parts that may be interesting to this group).
talis
Wolfgang Gassner wrote:
> INZIDER???
>
> This prog isn't working good, maybe it's a kind of new
> Trojan or Virus!!!!!
> I tested it running Netbus and Back Orifice on it and it doesn't
> detect it!!
>
> It only gives some Information on Port 135, 139 ....
>
> I believe the best and reliable way to determine which port is open
> is netstat -an !!!
>
> >From: Marc Esipovich <marc_at_MUCOM.CO.IL>
> >Reply-To: Marc Esipovich <marc_at_MUCOM.CO.IL>
> >To: VULN-DEV_at_SECURITYFOCUS.COM
> >Subject: Re: Open Port on Win98 box
> >Date: Wed, 10 Nov 1999 07:19:10 +0200
> >
> > >
> > > Get it here; http://ntsecurity.nu/toolbox/
> > >
> >
> >I got an email from Thomas saying the URL I gave wasn't working, an ftp
> >search yielded this:
> >
> > 1 -rw-rw-rw- 237.3K 1999 Oct 25 ftp.kgb.ru/WinSock/inzider.exe
> > 2 -rw-r--r-- 237.3K 1999 Oct 5 ftp.frontiernet.net/pub/users/dsf/inzider.exe
> >
> >
> > Marc Esipovich.
> >
> >--
> >root is only a few clicks away...
>
Received on Nov 18 1999