Educause Security Discussion mailing list archives
Re: Rootkit discovery tools
From: Caroline Couture <caroline () POBOX UPENN EDU>
Date: Tue, 27 Jun 2006 09:42:14 -0400
Hey Dave,

I saw this post on the security list and I had some questions about it.

Quoting David Taylor <ltr () ISC UPENN EDU>:

[snip]

> Do a netstat nao on the local machine and then do a remote port scan with a tool such as nmap. If something shows up in the nmap scan that doesn't show as listening on the netstat there is likely a rootkit.

How would you do this kind of scan? Would you have the computer on the network and scan the IP with nmap or do something else so the computer is not live on the network?

> Also, connecting to the remote system with computer manager will let you see hidden services. Open the services on the local machine and compare to the remote listing. This goes for the registry as well.

Not sure what you mean by this? Can you explain? I don't know what computer manager is. There is Computer Management, part of admin tools in control panel, that lets you see local services running? How do you look at services remotely?

Thanks for answering these questions if you can, and if you have the time. I always want to learn new things. Even if the system usually gets rebuilt anyway. :)

Caroline

--
College House Computing
3702 Spruce St.
215.573.3887
ITSS for DuBois

"Fairy Tales are more than true; not because they tell us that dragons exist, but because they tell us that dragons can be beaten." -- G. K. Chesterton
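The netstat-versus-nmap comparison described in the quoted text, as an added example that is not part of the original message or thread: it parses a saved `netstat -nao` listing from the suspect host and an nmap grepable (`-oG`) result from a scan run on a second machine, then reports TCP ports that are open from outside but absent from the host's own listening list. The function names are hypothetical and both sample outputs are constructed.

```python
# Added example: cross-view check of local vs. remote views of listening TCP ports.
# All sample data below is constructed; function names are hypothetical.

# Constructed `netstat -nao` output captured on the suspect Windows host.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1520
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:445         192.0.2.50:51122       ESTABLISHED     4
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed nmap grepable (-oG) line from a scan of the same host run elsewhere.
NMAP_SAMPLE = (
    "Host: 192.0.2.10 ()\tPorts: 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, "
    "8080/filtered/tcp//http-proxy///, 31337/open/tcp//unknown///"
    "\tIgnored State: closed (995)\n"
)

def local_tcp_listeners(netstat_text):
    """TCP ports the host itself reports in the LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            ports.add(int(f[1].rsplit(":", 1)[1]))  # rsplit copes with [::]:135
    return ports

def remote_open_tcp(nmap_grepable):
    """TCP ports the scanner saw as open (filtered/closed are ignored)."""
    ports = set()
    for line in nmap_grepable.splitlines():
        if "Ports:" not in line:
            continue
        field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in field.split(","):
            parts = entry.strip().split("/")
            if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                ports.add(int(parts[0]))
    return ports

def unexplained_ports(netstat_text, nmap_grepable):
    """Ports open from outside that the host does not admit to listening on."""
    return sorted(remote_open_tcp(nmap_grepable) - local_tcp_listeners(netstat_text))

if __name__ == "__main__":
    print(unexplained_ports(NETSTAT_SAMPLE, NMAP_SAMPLE))
```

A reported port is a lead to follow up, not proof: a firewall or another device answering on the scanned address can also produce a mismatch.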