Re: other mysterious port things
Hi !
I'm a disquette with this utilities clean.
#mount /dev/fd0 /floppy
#cd /floppy
#./netstat -antp
Regards
César.
Ken Seefried wrote:
>
> Tim Haynes writes:
> >
> > <sigh> Why do people persist in using nmap at test phase? Sure, if you've
> > been cracked, scan yourself if you want, but if you're looking to see `what
> > do I have open?' then nmap is the *last* tool I'd use.
> >
> > Go back to
> > sudo netstat -plan | grep LIST
>
> Well...that would be incorrect. If you have been cracked, or suspect you
> might have, then you cannot completely rely on the output of netstat, ps,
> lsof, etc. Many of the rootkits I've seen quite effectively hide themselves
> behind trojan utilities and shared libs, making detection by such casual
> methods as you indicate difficult.
>
> An acurrate assessment requires more than a single tool.
>
> Ken Seefried, CISSP
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: