searching for good WINDOWS security list
I know I may get flamed here, but I do use Windows, as much as I wish not to... so I am searching for a LIST about Windows security. I think I may have a Trojan bot on my machine... akkk, they are like harpies (not herpes but harpies, the little baby monsters), and Windows seems to be very susceptible to any germ out there...

PS: I know I can set up my Linux box to sniff at my Windows box... how would I do a thing like that? I was hoping to have a direct link from the WIN to the LINUX for the task... what do I use on the Linux box? nmap? I read about that someplace... any other tools? Thanks...

This is why I think I have a bot/Trojan: the first 2 lines, TCP ports 1080 and 5000, and 139... they are up even when I have no IP assigned to my NIC, they are always there... and I have no idea what is going on at those ports. I have a firewall, ZoneAlarm, and a Linksys 4-port router that supports NAT... okay, okay, I am new to this stuff... lol... but it's fun in some sick and twisted way that I cannot figure out. So FLAME ON, he he, but a side of help would be greatly appreciated. :)

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    24.183.224.125:139     0.0.0.0:0              LISTENING
  UDP    24.183.224.125:1900    *:*
  UDP    24.183.224.125:137     *:*
  UDP    24.183.224.125:138     *:*
  UDP    127.0.0.1:1026         *:*
  UDP    127.0.0.1:1041         *:*
  UDP    127.0.0.1:1095         *:*

Aaron L Johnson
From A_Johnson-SuseML-e to suse-security@suse.com, suse-linux-e@suse.com,...:
> PS: I know I can set up my Linux box to sniff at my Windows box... how would I do a thing like that? I was hoping to have a direct link from the WIN to the LINUX for the task... what do I use on the Linux box? nmap? I read about that someplace... any other tools? Thanks...

Nmap is a portscanner, not a sniffer. In fact I don't really know which is a *real* good sniffer. Just search on freshmeat.net for it. You'll certainly find one.

I don't think the thing on port 139 is harmful; I portscanned my mother's Windows and she has it running also. For the others I don't know. Maybe some Win2K stuff?

Can't help you with the mailing list either; you might want to take a look at www.securityfocus.com.
hth,
> This is why I think I have a bot/Trojan: the first 2 lines, TCP ports 1080 and 5000, and 139... they are up even when I have no IP assigned to my NIC, they are always there... and I have no idea what is going on at those ports. I have a firewall, ZoneAlarm, and a Linksys 4-port router that supports NAT... okay, okay, I am new to this stuff... lol... but it's fun in some sick and twisted way that I cannot figure out. So FLAME ON, he he, but a side of help would be greatly appreciated. :)
>
> Active Connections
>
>   Proto  Local Address          Foreign Address        State
>   TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
>   TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
>   TCP    24.183.224.125:139     0.0.0.0:0              LISTENING
>   UDP    24.183.224.125:1900    *:*
>   UDP    24.183.224.125:137     *:*
>   UDP    24.183.224.125:138     *:*
>   UDP    127.0.0.1:1026         *:*
>   UDP    127.0.0.1:1041         *:*
>   UDP    127.0.0.1:1095         *:*
>
> Aaron L Johnson
-- dieter
Hi,

Port 137, 138 & 139 being open are generally info that a Windows machine is willing to share files and printers. Most folks see this as a security risk. I think it depends a bit on whether you run a personal firewall on the machine.

Good luck,
Mark

-----Original Message-----
From: dieter [mailto:dieter@FreeBSD.rave.org]
Sent: Friday, June 01, 2001 11:20 AM
To: A_Johnson-SuseML-e
Cc: suse-security@suse.com; suse-linux-e@suse.com
Subject: Re: [SLE] searching for good WINDOWS security list
From A_Johnson-SuseML-e to suse-security@suse.com, suse-linux-e@suse.com,...:
> PS: I know I can set up my Linux box to sniff at my Windows box... how would I do a thing like that? I was hoping to have a direct link from the WIN to the LINUX for the task... what do I use on the Linux box? nmap? I read about that someplace... any other tools? Thanks...

I kinda like 'ethereal'. Not only does it sniff traffic on your local ethernet, but it does a great job of parsing and explaining it as well. It runs under 'X'.

One note, a catch-22 I found: in order to put the interface into promiscuous mode, it has to run as root. But since root doesn't 'own' the X server, it couldn't open a window! Somebody finally told me about sux - it works like su, but also allows root to run X applications.
-- Rick Green "I have the heart of a little child, and the brain of a genius. ... and I keep them in a jar under my bed"
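
The netstat listing discussed in this thread can be triaged mechanically; the following is an added example, not code posted by anyone on the list. It separates the ports the thread explains (137-139, file and printer sharing) from the rest and ranks them by bind address. The ESTABLISHED line and the ranking rule are assumptions of this example.

```python
import ipaddress

# The netstat listing from the original post, plus one constructed ESTABLISHED
# line (192.0.2.10 is a documentation address) to exercise the filter.
NETSTAT = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    24.183.224.125:139     0.0.0.0:0              LISTENING
  TCP    24.183.224.125:1234    192.0.2.10:80          ESTABLISHED
  UDP    24.183.224.125:1900    *:*
  UDP    24.183.224.125:137     *:*
  UDP    24.183.224.125:138     *:*
  UDP    127.0.0.1:1026         *:*
  UDP    127.0.0.1:1041         *:*
  UDP    127.0.0.1:1095         *:*
"""

# Only the ports the thread itself explains (Windows file and printer sharing).
EXPLAINED = {("UDP", 137), ("UDP", 138), ("TCP", 139)}

def listeners(text):
    """Yield (proto, ip, port) for listening TCP and bound UDP sockets."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        if f[0] == "TCP" and (len(f) < 4 or f[3] != "LISTENING"):
            continue  # an established connection is not a listener
        host, _, port = f[1].rpartition(":")
        yield f[0], host.strip("[]"), int(port)

def scope(ip):
    """Classify the bind address: which interfaces accept traffic for it?"""
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "single-address"

def triage(text):
    """Return (proto, port, scope, explained) rows, unexplained reachable ones first."""
    rows = [(p, port, scope(ip), (p, port) in EXPLAINED) for p, ip, port in listeners(text)]
    return sorted(rows, key=lambda r: (r[3] or r[2] == "loopback", r[2], r[1]))

def to_investigate(text):
    """Sockets that are neither explained in the thread nor loopback-only."""
    return [f"{p}/{port}" for p, port, sc, ok in triage(text) if not ok and sc != "loopback"]
```

On Windows versions whose netstat supports it, `netstat -ano` adds the owning process ID, which is the next thing to look up for each entry that `to_investigate` returns.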
participants (4): A_Johnson-SuseML-e, dieter, Mark W. Knecht, Rick Green