Re: other mysterious port things
Tim Haynes writes:
> <sigh> Why do people persist in using nmap at test phase? Sure, if you've
> been cracked, scan yourself if you want, but if you're looking to see `what
> do I have open?' then nmap is the *last* tool I'd use.
> Go back to
>     sudo netstat -plan | grep LIST
Well...that would be incorrect. If you have been cracked, or suspect you
might have, then you cannot completely rely on the output of netstat, ps,
lsof, etc. Many of the rootkits I've seen quite effectively hide themselves
behind trojan utilities and shared libs, making detection by such casual
methods as you indicate difficult.
An accurate assessment requires more than a single tool.
Ken Seefried, CISSP
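
Added example (not part of the original message): a cross-view check that compares the host's own list of listening TCP ports with the open ports seen by a scan from another machine, which is one way to use more than a single tool. It assumes Linux `/proc/net/tcp` format on a little-endian host; the sample data and the function names are constructed for illustration.

```python
# Cross-view check of listening TCP ports. All sample data is constructed.

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (the host's own view).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1240 1 0000000000000000 100 0 0 10 0
   2: 0A000005:0016 0A000009:C350 01 00000000:00000000 02:000A0B0C 00000000     0        0 1300 1 0000000000000000 20 4 30 10 -1
"""

# Constructed sample: ports a scan from another machine found open.
SAMPLE_EXTERNAL_OPEN = {22, 40123}


def local_listeners(proc_net_tcp_text):
    """Return {port: set of bind addresses (hex)} for sockets in LISTEN state."""
    listeners = {}
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        listeners.setdefault(int(port_hex, 16), set()).add(addr_hex)
    return listeners


def cross_view(proc_net_tcp_text, external_open):
    """Compare the host's own view with an outside view of the same host."""
    local = local_listeners(proc_net_tcp_text)
    # 127.x.x.x appears as xxxxxx7F in little-endian hex.
    loopback_only = {p for p, addrs in local.items()
                     if all(a.endswith("7F") for a in addrs)}
    return {
        # Open from outside but absent locally: the local tools may be lying.
        "hidden_from_local": sorted(set(external_open) - set(local)),
        # Listening on a routable address but not seen from outside:
        # usually a firewall, worth confirming.
        "not_seen_externally": sorted(set(local) - loopback_only - set(external_open)),
    }


if __name__ == "__main__":
    print(cross_view(SAMPLE_PROC_NET_TCP, SAMPLE_EXTERNAL_OPEN))
```

A port in `hidden_from_local` is the case described above: something answers on the network that the host's own utilities do not report.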