Network Security Focus-Microsoft

Re: break in?

Subject: Re: break in?
Date: Wed, 16 Nov 2005 17:30:39 +0100
* Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> [16/11/05 - 09:36]:

> On 2005-11-15 Harlan Carvey wrote:
> 3. Have you run netstat to see what's trying to connect to the ftp
> and web sites? I'd recommend netstat -b -v so you can see the
> executables that spawned the processes making the connections.
>
> I wasn't aware that the -b switch worked on Win2K...I thought that it
> was only XP that the switch worked on.
>
> XP with SP2 installed. It doesn't work on any prior version, not even XP
> RTM or SP1.

By the way, the -b option is also supported in Windows Server 2003 SP1
and is different from the one in Windows XP SP2; it would be great if
Microsoft backported the changes to XP:

        http://www.hsc.fr/ressources/breves/min_w2k3_net_srv.html.en

(section 5, Windows Server 2003 SP1).

As you can see, in Windows Server 2003 SP1, the -b option reports the
Windows service name inside shared processes instead of the DLL
backtrace as in XP SP2.

To come back to the original topic, Microsoft recently released an
update to add support for the netstat -o option in Windows 2000:

        http://support.microsoft.com/?id=907980

However, the update is not publicly available.

Also, because you don't have tasklist.exe on a default Windows 2000
system, you will probably continue to use TcpView to obtain the
information directly:

        http://www.sysinternals.com/Utilities/TcpView.html

Jean-Baptiste Marchand
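
As an added example (editor's code, not part of the post above and not a Microsoft or HSC tool): the practical way to get what Server 2003 SP1's netstat -b reports, the owning image plus the service names hosted inside a shared process, on a box that only has netstat -o/-ano and tasklist /svc is to join the two outputs on the PID column. The script below does that join over two constructed sample outputs (not captured from a real host) and then applies one triage heuristic of my own, flagging ESTABLISHED connections owned by a process that hosts no service, which on a box that should only be serving FTP and web is the first thing to look at. It assumes the column layout those two commands print on XP SP2 / Server 2003; as the post notes, tasklist.exe is not on a default Windows 2000 install, so there you would save TcpView's output instead.

```python
"""Join `netstat -ano` with `tasklist /svc` to attribute connections to the
owning image and hosted services (approximating Server 2003 SP1 `netstat -b`).

Added example, not code from the mailing-list post. Assumes the column layout
of `netstat -ano` and `tasklist /svc` on Windows XP SP2 / Server 2003.
"""
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.10:1040      203.0.113.5:6667       ESTABLISHED     2048
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.10:68        *:*                                    1000
"""

# Constructed sample of `tasklist /svc` output; the wrapped service list for
# PID 1000 shows the continuation-line layout tasklist uses for long lists.
TASKLIST_SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
svchost.exe                    900 RpcSs
svchost.exe                   1000 Dhcp, Dnscache, LanmanWorkstation,
                                   TrkWks
inetinfo.exe                  1234 IISADMIN, MSFtpsvc, W3SVC
evil.exe                      2048 N/A
"""

# TCP lines carry a state column; UDP lines do not, so the state is optional.
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
# Image names may contain spaces ("System Idle Process"), hence the lazy match.
PROC_RE = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*?)\s*$")


def parse_netstat(text):
    """Return one dict per connection line; state is "" for UDP sockets."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append({"proto": proto, "local": local, "remote": remote,
                          "state": state or "", "pid": int(pid)})
    return conns


def _services(field):
    """Split tasklist's comma-separated service column; N/A means none."""
    return [s.strip() for s in field.split(",") if s.strip() and s.strip() != "N/A"]


def parse_tasklist_svc(text):
    """Map PID -> {"image": name, "services": [...]}, merging wrapped lines."""
    procs, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue
        m = PROC_RE.match(line)
        if m:
            image, pid, services = m.group(1), int(m.group(2)), m.group(3)
            current = pid
            procs[pid] = {"image": image, "services": _services(services)}
        elif line.startswith(" ") and current is not None:
            # Indented line: continuation of the previous entry's service list.
            procs[current]["services"].extend(_services(line))
    return procs


def correlate(netstat_text, tasklist_text):
    """Attach the owning image name and hosted services to each connection."""
    procs = parse_tasklist_svc(tasklist_text)
    rows = []
    for conn in parse_netstat(netstat_text):
        proc = procs.get(conn["pid"], {"image": "<no such pid>", "services": []})
        rows.append(dict(conn, image=proc["image"], services=list(proc["services"])))
    return rows


def flag_outbound(rows):
    """Heuristic (my own, not from the post): established connections owned by a
    process that hosts no Windows service, i.e. a plain executable talking out."""
    return [r for r in rows if r["state"] == "ESTABLISHED" and not r["services"]]


def format_row(r):
    svc = ", ".join(r["services"]) or "-"
    return (f"{r['proto']:<4} {r['local']:<22} {r['remote']:<22} "
            f"{r['state']:<12} {r['pid']:>5} {r['image']} [{svc}]")


if __name__ == "__main__":
    rows = correlate(NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    for r in rows:
        print(format_row(r))
    print("\nestablished connections from processes hosting no service:")
    for r in flag_outbound(rows):
        print(format_row(r))
```

On a live host, save `netstat -ano > netstat.txt` and `tasklist /svc > tasklist.txt` and pass the file contents to correlate(); keep the raw files, since the PID-to-image mapping is only valid for the moment both snapshots were taken and a later re-run will not reproduce it.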
