Tim Haynes writes:
<sigh> Why do people persist in using nmap at test phase? Sure, if you've been cracked, scan yourself if you want, but if you're looking to see `whatdo I have open?' then nmap is the *last* tool I'd use. Go back to sudo netstat -plan | grep LIST
Well...that would be incorrect. If you have been cracked, or suspect you might have, then you cannot completely rely on the output of netstat, ps, lsof, etc. Many of the rootkits I've seen quite effectively hide themselves behind trojan utilities and shared libs, making detection by such casual methods as you indicate difficult. An acurrate assessment requires more than a single tool. Ken Seefried, CISSP