hi gene,
this is a very uneffective way of doing it. if your host has been compromised
then chances are good that your netstat (and ps, ls, anti-virus program, etc
etc) might also be compromised (replaced with a root kit/trojan).
i'd say the best bet is an offline copy of your last tripwire run. maybe compare
your tripwire sums before every backup, and port scan your boxes to see what is
listening where.
hope this helps,
--
--jan van rensburg
There's this thing called being
so open-minded your brains drop out.
-Richard Dawkins
> this on a regular basis by just issuing a "netstat -an | grep LISTENING"
> (sorry for mixing a unix tool with an NT example, but you get my drift).
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
