Security Incidents mailing list archives

Re: Strange activity to a laptop?

From: "Johnson, Greg" <JohnsonG () MISSOURI EDU>
Date: Fri, 6 Oct 2000 08:48:30 -0500

A detailed scan of the machine reveals it was listening on
port 1029 (couldn't find anything open on that port).  ...
Does ANYONE have any GOOD tools for WinNT/Win2k to find
out what port is bound to what executable/whatever?!
Secondly, are there programs that will allow you to
effectively  'kill' services (GUI maybe?) that NT
wouldn't ordinarily allow you to see(if hidden?).


Ralph, I've found these useful for similar investigations.

http://ntsecurity.nu/toolbox - Inzider in particular

http://www.sysinternals.com - Handle, TCPView

http://www.zdnet.com/downloads/stories/info/0,,000YKL,.html
  - Startup Cop reveals all levels of startup programs and
    lets you temporarily or permanently disable them.

--

  Greg Johnson - 573-882-5008
  Computing and Network Security Office
  Information and Access Technology Services - 573-882-5000
  615 Locust Street #001
  University of Missouri, Columbia MO 65211

Current thread:

Strange activity to a laptop? LOS Ralph (Oct 05)
- Re: Strange activity to a laptop? Stefan Wagner (Oct 06)
- <Possible follow-ups>
- Re: Strange activity to a laptop? Johnson, Greg (Oct 06)
- Re: Strange activity to a laptop? Lastname, Firstname (Oct 06)
- Re: Strange activity to a laptop? Frank Knobbe (Oct 08)
- Re: Strange activity to a laptop? Jay Random (Oct 11)
- Re: Strange activity to a laptop? Stephen Quigg (Oct 12)