[Techtalk] Trojans or not (What to do when disaster strikes)
phiber2001
phiber2001 at yahoo.com
Fri Mar 29 13:43:50 EST 2002
Dear friends:
Just out of good old habit I was running netstat -nl to 127.0.0.1, nmap
-sS 127.0.0.1 and saw that Elite (B02k) and Netbus were listening on ports
31337, 12345, 12346 respectively. I then checked "ps -aux" and found no
process suspicious enough to catch my attention. Then I went through three
commands: "netstat -lpa", "lsof | grep -i TCP" & "lsof -i | grep
"12345|12346|31337"". All gave me the same result - those ports (31337,
12345, 12346) were being listened on by Portsentry (something I recently
installed).

Now, the above part helps in two ways. It helps newbies to do some primary
investigation when things go wrong (a little bit of digital forensics :) and
it helps elites to answer my following question.

My question is why Portsentry is listening on those ports. I mean, as far
as I know these trojans are only for Windows platforms.
~p
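
The triage walked through in the message above (list the listeners, then tie each watched port to the process that owns it), as an added example that is not part of the original post: it reads `netstat -lntp` output and classifies listeners on the three ports the post names. The Linux net-tools column layout, the `KNOWN_LISTENERS` list, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: tie listeners on the ports named in the post to their owner.
# Reads `netstat -lntp` text on stdin (Linux net-tools column layout assumed).

WATCH_PORTS="31337 12345 12346"   # ports from the post
KNOWN_LISTENERS="portsentry"      # assumption: programs you deliberately installed

triage_listeners() {
    awk -v ports="$WATCH_PORTS" -v known="$KNOWN_LISTENERS" '
    BEGIN {
        n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1
        n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, addr, ":")      # port is the last piece, IPv6 (:::31337) too
        port = addr[n]
        if (!(port in watch)) next
        owner = $7                    # "PID/program", or "-" if no owner is visible
        if (owner == "-" || owner == "") {
            # A socket with no visible process: rerun as root before trusting ps
            print port, "NO-OWNER", "-"
            next
        }
        slash = index(owner, "/")
        prog = substr(owner, slash + 1)
        status = (prog in ok) ? "KNOWN" : "UNEXPECTED"
        print port, status, owner
    }'
}

# Constructed sample output, not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN      812/portsentry
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN      812/portsentry
tcp        0      0 0.0.0.0:12346           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp6       0      0 :::31337                :::*                    LISTEN      4021/svc-x
EOF
}

sample_netstat | triage_listeners
```

On a live host, run `netstat -lntp | triage_listeners` as root so the PID/Program column is populated for sockets owned by other users.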