[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: other mysterious port things

Hi !

  I'm a disquette with this utilities clean.
  #mount /dev/fd0 /floppy
  #cd /floppy
  #./netstat -antp 


Ken Seefried wrote:
> Tim Haynes writes:
> >
> > <sigh> Why do people persist in using nmap at test phase? Sure, if you've
> > been cracked, scan yourself if you want, but if you're looking to see `what
> > do I have open?' then nmap is the *last* tool I'd use.
> >
> > Go back to
> >         sudo netstat -plan | grep LIST
> Well...that would be incorrect.  If you have been cracked, or suspect you
> might have, then you cannot completely rely on the output of netstat, ps,
> lsof, etc.  Many of the rootkits I've seen quite effectively hide themselves
> behind trojan utilities and shared libs, making detection by such casual
> methods as you indicate difficult.
> An acurrate assessment requires more than a single tool.
> Ken Seefried, CISSP
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: