Finding hidden backdoors

2003-07-31 Thread Daniel B. Cid
it has any firewall and nmap is not finding all the open ports, this script will show ... The other benefit is that you can't hide from it using any LKM code... What do you think? Thanks, Daniel B. Cid ---

Re: hidden processes

2003-07-31 Thread Daniel B. Cid
It means that you have a rootkit installed and it is hiding some process. It doesn't mean that your ps or netstat has been trojaned... Dbc >On Thu, 2003-07-31 at 09:18, Meritt James wrote: > As a couple of untried thoughts, is 'ps' itself corrupted? Will you get > the right thing with full-p

RE: what's the meaning of the 0.0.0.0?

2003-07-24 Thread Daniel B. Cid
In Linux machines, when you try to connect to 0.0.0.0 it goes to localhost ... And in my last email I said that it's a broadcast because it is going to "all" IPs in this "broadcast domain*"... Daniel B. Cid >On Thu, 2003-07-24 at 14:53, Dave Killion wrote: > When I tri

RE: Book Review

2003-07-23 Thread Daniel B. Cid
I agree with you. I saw a lot of excellent books for less than 100 dollars. And you have the internet (and Google) with all these topics covered a lot ... Daniel B. Cid >On Tue, 2003-07-22 at 20:21, dave kleiman wrote: > For about twice the cost of the books you could take a good security

RE: what's the meaning of the 0.0.0.0?

2003-07-22 Thread Daniel B. Cid
0 eth0 $telnet 0.0.0.0 80 Trying 0.0.0.0... Connected to 0.0.0.0 (0.0.0.0). ... []`s Daniel B. Cid >On Mon, 2003-07-21 at 18:43, Roger A. Grimes wrote: > It's a way of indicating the default gateway. It appears like something is > trying to identify the default gate

Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ???

2003-06-16 Thread Daniel B. Cid
You can't trust everything you see. You can fake it very, very easily. In Apache, for example, if you change the config file httpd.h (I'm not sure if the name is correct) you can change the server name to whatever you want. It seems to be only a joke from the sysadmin there. See you >On

RE: Firewall and DMZ topology

2003-06-10 Thread Daniel B. Cid
use this version in all your firewalls... someone will be able to break all firewalls very easily ... []`s Daniel B. Cid >On Tue, 2003-06-10 at 16:11, Depp, Dennis M. wrote: > First in order to increase security Firewall1 should not be the same as > Firewall2. Even if they are the sa

Re: Firewall and DMZ topology

2003-06-10 Thread Daniel B. Cid
. The attacker will only be able to see the email messages (PGP is for that), nothing more.. []`s Daniel B. Cid >On Tue, 2003-06-10 at 13:58, Erik Vincent wrote: > Let's put it in ASCII. > > Internet <-> Firewall <-> LAN > <->

Re: Firewall and DMZ topology

2003-06-10 Thread Daniel B. Cid
I think similarly to you. In most companies all the firewalls are the same (same OS, same version and same configuration).. If someone is able to crack firewall 1, they will be able to crack firewalls 2 and 3 .. []`s Daniel B. Cid >On Tue, 2003-06-10 at 13:41, Zach Crowell wrote: > >

Re: Firewall and DMZ topology

2003-06-10 Thread Daniel B. Cid
> server <- LAN >(NIC 2) <-> DMZ But what will happen if the attacker breaks both firewalls? It is the same question that you gave me before... We are not supposing that the firewall will be broken ... generally people use the same firewall in all th

Re: Firewall and DMZ topology

2003-06-10 Thread Daniel B. Cid
he DMZ.. if someone compromises the DMZ, they will be able to sniff the connections to the internet and a lot of other things ... ->The "real" purpose of a DMZ is to isolate your public servers, nothing more. []`s Daniel B. Cid >On Mon, 2003-06-09 at 20:53, Chris Berry wrote: > >Fro