> -----Original Message-----
> From: Lee Hughes [mailto:[EMAIL PROTECTED]]
> The most dangerous trojans are the ones that sit on common port numbers,
> such as 25, 80 and 135, 136, 137... Trojans that occupy this port space
> are harder to track down, as you need to actually sniff the packets and
> find out what's inside the payload.... nasty stuff....
I've been playing with Snort recently, which does a pretty good job of picking things like this up. It monitors all traffic on a given interface, matches it against a rule file and generates a report showing all suspicious activity. It runs under UNIX and Windows and it's a free download from:
- Scott
