not got that far yet ;-), but after my exchange server decided to go into
denial of service today, tnef attachments!!!, if you're out there running
exchange 5.5 or exchange 5.5 sp3, then beware, one message from the
new version of outlook express (IE 5.5) can bring your exchange server to a
halt..
sod this for a game of soldiers, I'm installing squid proxy, and going
back to sendmail......;-). What's the world coming to when an attachment
can cause your whole e-mail server to do a spectacular bellyflop!!
apparently tnef attachments can compromise unix machines too, check out
packet storm....they have all the juicy details...crazy.!!!!

oh, enough moaning, anyone use floodgate-1, does it do what it says
on the tin?

Cheers,
Microsurf...

-----Original Message-----
From: Oliva, Fabian J [Sprint] [mailto:[EMAIL PROTECTED]]
Sent: 03 August 2000 15:44
To: 'Lee (lunchbox) Hughes'
Subject: RE: [FW1] Need Toolz to Identify what Application/User has Open Which udp/tcp sockets NT/UNIX


I'm running WIN2K (unfortunately). I checked the switches and none of them
were related to the UNIX function that could track which programs had which
ports open.
BTW- were you able to harness the evil power of Microslop to get Proxy SVR
to work?

Fabian J. Oliva 
GIS Cyber Security
"UNIX is user friendly, it's just particular about who its friends
are..."


-----Original Message-----
From: Lee (lunchbox) Hughes [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 03, 2000 8:58 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Need Toolz to Identify what Application/User has Open Which udp/tcp sockets NT/UNIX



are there any tools that can give 
take a normal netstat -a from a windows 2000 machine for example

 TCP    lee:1093               lee:0                  LISTENING
 TCP    lee:1097               lee:0                  LISTENING
 TCP    lee:netbios-ssn        lee:0                  LISTENING
 TCP    lee:1071               lee:0                  LISTENING
 TCP    lee:1071               NEXUS:netbios-ssn      ESTABLISHED
 TCP    lee:1073               lee:0                  LISTENING
 UDP    lee:epmap              *:*
 UDP    lee:microsoft-ds       *:*
 UDP    lee:1028               *:*
 UDP    lee:1087               *:*
 UDP    lee:1088               *:*
 UDP    lee:1094               *:*
 UDP    lee:1095               *:*
 UDP    lee:4692               *:*
 UDP    lee:1033               *:*
 UDP    lee:1099               *:*
 UDP    lee:netbios-ns         *:*
 UDP    lee:netbios-dgm        *:*
 UDP    lee:isakmp             *:*


are there any tools, that can track what application/users have open/listen
on ports.
example,
you have a user logged in as fred, that opens a telnet session to a host called
lawnmower

what I want to see is,

TCP    lee:1071               lawnmower:25                  ESTABLISHED    'fred'  'telnet.exe'

for example, I know netstat -a returns a hell of a lot more information on
unix about streams etc etc, but surely the o/s 'knows' which applications/users
have connections open or listening for a connection? port  on the tcp/ip
stack???

is this possible, or am I going crazy, it is some netstat parameter I've
missed all these years...

why do I need this, take for example an unsophisticated trojan, easy to spot
using this method

TCP    lee:1071               hackerinrussia:25  ESTABLISHED    'root'  'trojan.exe'

Any ideas, thoughts or general flamings...

Cheers,
Lee Hughes
Director of Traffic


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
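
The per-connection owner view asked for in the original question, sketched for Linux as an added example that is not part of the thread: the kernel's TCP table (/proc/net/tcp) records each socket's inode and owning uid, and each process's fd table (/proc/<pid>/fd) names the socket inodes it holds, so joining the two yields user and program per connection. The table rows, fd listing, addresses, pids and user names below are constructed sample data, so the block runs offline.

```python
import socket
import struct

# Constructed sample in the Linux /proc/net/tcp layout (not data from the thread).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4101 1 0 100 0 0 10 0
   1: 0A00000A:042F 1400000A:0019 01 00000000:00000000 00:00000000 00000000  1001        0 4202 1 0 20 4 30 10 -1
   2: 0A00000A:0431 6300000A:0019 01 00000000:00000000 00:00000000 00000000     0        0 4303 1 0 20 4 30 10 -1
"""
# Constructed stand-in for readlink() over /proc/<pid>/fd/*: pid -> (command, fd targets).
PROC_FDS = {
    212: ("inetd", ["socket:[4101]"]),
    977: ("telnet", ["/dev/pts/0", "socket:[4202]"]),
    1350: ("trojan", ["socket:[4303]"]),
}
USERS = {0: "root", 1001: "fred"}               # constructed uid -> name table
STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # subset of the kernel's TCP state codes

def decode_endpoint(hex_endpoint):
    """'0A00000A:042F' -> '10.0.0.10:1071' (IPv4 address is little-endian hex)."""
    addr_hex, port_hex = hex_endpoint.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return f"{addr}:{int(port_hex, 16)}"

def inode_owners(proc_fds):
    """Invert the fd table: socket inode -> (pid, command)."""
    owners = {}
    for pid, (comm, targets) in proc_fds.items():
        for target in targets:
            if target.startswith("socket:["):
                owners[int(target[8:-1])] = (pid, comm)
    return owners

def annotate(proc_net_tcp, proc_fds, users):
    """Return (local, remote, state, user, pid, command) for each TCP socket."""
    owners = inode_owners(proc_fds)
    rows = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        f = line.split()
        uid, inode = int(f[7]), int(f[9])
        pid, comm = owners.get(inode, (None, "?"))  # owner unknown if fds are unreadable
        rows.append((decode_endpoint(f[1]), decode_endpoint(f[2]),
                     STATES.get(f[3], f[3]), users.get(uid, str(uid)), pid, comm))
    return rows

if __name__ == "__main__":
    for row in annotate(PROC_NET_TCP, PROC_FDS, USERS):
        print("TCP  {:<16} {:<16} {:<12} {!r} {} {!r}".format(*row))
```

On a live host the fd table would be built by reading the /proc/<pid>/fd symlinks, which needs root to see other users' processes; sockets whose owner cannot be read come back with pid `None`.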

