Tim Haynes writes:
>
> <sigh> Why do people persist in using nmap at test phase? Sure, if you've
> been cracked, scan yourself if you want, but if you're looking to see `what
> do I have open?' then nmap is the *last* tool I'd use.
>
> Go back to
>   sudo netstat -plan | grep LIST

Well...that would be incorrect. If you have been cracked, or suspect you
might have, then you cannot completely rely on the output of netstat, ps,
lsof, etc. Many of the rootkits I've seen quite effectively hide themselves
behind trojan utilities and shared libs, making detection by such casual
methods as you indicate difficult.
An accurate assessment requires more than a single tool.
Ken Seefried, CISSP
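
Added example, not part of the original post: one way to use both views discussed above is to diff what the host reports about itself against what a scan from a separate machine sees. The netstat and nmap grepable samples are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: `netstat -plan | grep LIST` output taken on the host under test.
NETSTAT_SAMPLE = """\
tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN      612/sshd
tcp        0      0 127.0.0.1:25      0.0.0.0:*     LISTEN      803/master
tcp6       0      0 :::80             :::*          LISTEN      911/apache2
unix  2      [ ACC ]     STREAM     LISTENING     9120     1/init    /run/sock
"""

# Constructed sample: one `nmap -oG -` line for the same host, scanned from another machine.
NMAP_SAMPLE = ("Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
               "80/open/tcp//http///, 5000/open/tcp/////")

LOOPBACK = ("127.", "::1")


def local_listeners(netstat_text):
    """Map each listening TCP port to the addresses netstat reports it bound to."""
    ports = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, port = f[3].rsplit(":", 1)
            ports.setdefault(int(port), set()).add(addr)
    return ports


def external_open(nmap_grepable):
    """Open TCP ports from nmap grepable output (entries look like port/state/proto/...)."""
    return {int(p) for p in re.findall(r"(\d+)/open/tcp/", nmap_grepable)}


def cross_view(netstat_text, nmap_grepable):
    """Report ports on which the local and the external view disagree."""
    local = local_listeners(netstat_text)
    outside = external_open(nmap_grepable)
    # Loopback-only listeners are expected to be invisible to a remote scan.
    exposed = {p for p, addrs in local.items()
               if not all(a.startswith(LOOPBACK) for a in addrs)}
    return {
        "unexplained": sorted(outside - set(local)),     # open outside, absent from netstat
        "filtered_or_down": sorted(exposed - outside),   # in netstat, not reachable outside
    }


if __name__ == "__main__":
    print(cross_view(NETSTAT_SAMPLE, NMAP_SAMPLE))
```

A port under "unexplained" is one the local tools did not report, which is the case the reply warns about; a port under "filtered_or_down" usually just means a firewall sits between the scanner and the host.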