not got that far yet ;-), but after my exchange server decided to go into denial of service today, tnef attachments!!!, if you're out there running exchange 5.5 or exchange 5.5 sp3, then beware, one message from the new version of outlook express (IE 5.5) can bring your exchange server to a halt.. sod this for a game of soldiers, I'm installing squid proxy, and going back to sendmail......;-).

What's the world coming to when an attachment can cause your whole e-mail server to do a spectacular bellyflop!! apparently tnef attachments can compromise unix machines too, check out packet storm....they have all the juicy details...crazy.!!!!

oh, enough moaning, anyone use floodgate-1, does it do what it says on the tin?

Cheers,
Microsurf...

-----Original Message-----
From: Oliva, Fabian J [Sprint] [mailto:[EMAIL PROTECTED]]
Sent: 03 August 2000 15:44
To: 'Lee (lunchbox) Hughes'
Subject: RE: [FW1] Need Toolz to Identify what Application/User has Open Which udp/tcp sockets NT/UNIX

I'm running WIN2K (unfortunately). I checked the switches and none of them were related to the UNIX function that could track which programs had which ports open.

BTW- were you able to harness the evil power of Microslop to get Proxy SVR to work?

Fabian J. Oliva
GIS Cyber Security
"UNIX is user friendly, it's just particular about who its friends are..."

-----Original Message-----
From: Lee (lunchbox) Hughes [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 03, 2000 8:58 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Need Toolz to Identify what Application/User has Open Which udp/tcp sockets NT/UNIX

are there any tools that can give take a normal netstat -a from a windows 2000 machine, for example

    TCP    lee:1093           lee:0                  LISTENING
    TCP    lee:1097           lee:0                  LISTENING
    TCP    lee:netbios-ssn    lee:0                  LISTENING
    TCP    lee:1071           lee:0                  LISTENING
    TCP    lee:1071           NEXUS:netbios-ssn      ESTABLISHED
    TCP    lee:1073           lee:0                  LISTENING
    UDP    lee:epmap          *:*
    UDP    lee:microsoft-ds   *:*
    UDP    lee:1028           *:*
    UDP    lee:1087           *:*
    UDP    lee:1088           *:*
    UDP    lee:1094           *:*
    UDP    lee:1095           *:*
    UDP    lee:4692           *:*
    UDP    lee:1033           *:*
    UDP    lee:1099           *:*
    UDP    lee:netbios-ns     *:*
    UDP    lee:netbios-dgm    *:*
    UDP    lee:isakmp         *:*

are there any tools that can track what applications/users have open/listening ports?

example, you have a user logged in as fred, that opens a telnet session to a host called lawnmower. what I want to see is,

    TCP    lee:1071    lawnmower:25    ESTABLISHED    'fred'    'telnet.exe'

for example. I know netstat -a returns a hell of a lot more information on unix about streams etc etc, but surely the o/s 'knows' which applications/users have connections open or are listening for a connection on a port on the tcp/ip stack???

is this possible, or am I going crazy, is it some netstat parameter I've missed all these years...

why do I need this? take for example an unsophisticated trojan, easy to spot using this method

    TCP    lee:1071    hackerinrussia:25    ESTABLISHED    'root'    'trojan.exe'

Any ideas, thoughts or general flamings...

Cheers,
Lee Hughes
Director of Traffic

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
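
The socket-to-owner listing asked for in the original question, as an added example that is not part of the thread: on Linux it can be built by joining the rows of /proc/net/tcp to the socket inodes behind each /proc/<pid>/fd entry. It assumes a Linux /proc layout and IPv4 TCP only; the sample rows, PIDs, users and the function names are constructed for illustration.

```python
import os, pwd, re, socket, struct

STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}   # subset of the kernel's TCP state codes

def decode(hexaddr):
    """'0100007F:0019' -> '127.0.0.1:25' (address is little-endian hex on x86)."""
    ip, port = hexaddr.split(":")
    return "%s:%d" % (socket.inet_ntoa(struct.pack("<I", int(ip, 16))), int(port, 16))

def parse_proc_net(text):
    """Yield (local, remote, state, uid, inode) for each row of /proc/net/tcp."""
    for line in text.strip().splitlines()[1:]:           # first line is the header
        f = line.split()
        yield decode(f[1]), decode(f[2]), STATES.get(f[3], f[3]), int(f[7]), f[9]

def socket_owners(proc="/proc"):
    """Map socket inode -> (pid, exe) from the /proc/<pid>/fd symlinks (root sees all)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            exe = os.readlink(f"{proc}/{pid}/exe")
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.match(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners[m.group(1)] = (int(pid), exe)
        except OSError:                                  # exited, or not ours to inspect
            continue
    return owners

def report(text, owners, user_of=lambda uid: pwd.getpwuid(uid).pw_name):
    """Return netstat-style rows with the owning user and program appended."""
    rows = []
    for local, remote, state, uid, inode in parse_proc_net(text):
        _pid, exe = owners.get(inode, (None, "?"))
        rows.append(f"TCP {local} {remote} {state} '{user_of(uid)}' '{os.path.basename(exe)}'")
    return rows

# Constructed sample: two rows in /proc/net/tcp layout plus a made-up owner map.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5001 1
   1: 0500000A:042F 0900000A:0019 01 00000000:00000000 00:00000000 00000000  1000        0 5002 1
"""
SAMPLE_OWNERS = {"5001": (412, "/usr/sbin/sendmail"), "5002": (2210, "/usr/bin/telnet")}
SAMPLE_USERS = {0: "root", 1000: "fred"}

if __name__ == "__main__":
    for row in report(SAMPLE, SAMPLE_OWNERS, SAMPLE_USERS.get):
        print(row)
```

On a live host, `report(open("/proc/net/tcp").read(), socket_owners())` produces the same listing from real data; a socket whose owner shows as '?' belongs to a process the caller lacks permission to inspect or that has already exited.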
