searching for good WINDOWS security list
I know I may get flamed here but I do use Windows as much as I wish not to... so I am searching for a LIST about Windows security. I think I may have a Trojan bot on my machine... akkk, they are like harpies (not herpies but harpies, the little baby monsters), and Windows seems to be very susceptible to any germ out there...

PS: I know I can set up my Linux box to sniff at my Windows box... how would I do a thing like that? I was hoping to have a direct link from the WIN to the LINUX for the task... what do I use on the Linux box? nmap? I read about that someplace... any other tools? Thanks...

This is why I think I have a bot/Trojan: the first 2 lines, TCP ports 1080 and 5000, and 139... they are up even when I have no IP assigned to my NIC, they are always there... and I have no idea what is going on at those ports. I have a firewall, ZoneAlarm, and a Linksys 4-port router that supports NAT... okay okay, I am new to this stuff... lol... but it's fun in some sick and twisted way that I can not figure out. So FLAME ON, he he, but with a side of help would be greatly appreciated. :)

    Active Connections

      Proto  Local Address          Foreign Address        State
      TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
      TCP    24.183.224.125:139     0.0.0.0:0              LISTENING
      UDP    24.183.224.125:1900    *:*
      UDP    24.183.224.125:137     *:*
      UDP    24.183.224.125:138     *:*
      UDP    127.0.0.1:1026         *:*
      UDP    127.0.0.1:1041         *:*
      UDP    127.0.0.1:1095         *:*

Aaron L Johnson
-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 1 Jun 2001, A_Johnson-SuseML-e wrote:

> I know I may get flamed here but I do use Windows as much as I wish not to... so I am searching for a LIST about Windows security. I think I may have a Trojan bot on my machine... akkk, they are like harpies (not herpies but harpies, the little baby monsters), and Windows seems to be very susceptible to any germ out there...

Well, for Windows security, head on to SecurityFocus' MS list. It's called focus-ms, and I think you have to send a mail to focus-ms-subscribe@securityfocus.com to... subscribe. In your case, you could also try their incident list (incident-subscribe@securityfocus.com). They are moderated, and usually of pretty good content.

> PS: I know I can set up my Linux box to sniff at my Windows box... how would I do a thing like that? I was hoping to have a direct link from the WIN to the LINUX for the task... what do I use on the Linux box? nmap? I read about that someplace... any other tools? Thanks...

    tcpdump -s 4096 -v > file

This will sniff the line (both stations must be on the same LAN) and save the results in a file. tcpdump has a lot of options; you might be better off taking a look at the man page.

> This is why I think I have a bot/Trojan: the first 2 lines, TCP ports 1080 and 5000, and 139... they are up even when I have no IP assigned to my NIC, they are always there... and I have no idea what is going on at those ports. I have a firewall, ZoneAlarm, and a Linksys 4-port router that supports NAT... okay okay, I am new to this stuff... lol... but it's fun in some sick and twisted way that I can not figure out. So FLAME ON, he he, but with a side of help would be greatly appreciated. :)

No need to flame. There is already too much noise on this list.

> Active Connections
>
>   Proto  Local Address          Foreign Address        State
>   TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING

1080 is usually bound to a socks proxy.

>   TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING

??

>   TCP    24.183.224.125:139     0.0.0.0:0              LISTENING

139 is used by Windows for file sharing. This means your computer is maybe wide open for people to look at your files, if not put files you're not aware of on your computer. I'd freak out, if I were you.

>   UDP    24.183.224.125:1900    *:*
>   UDP    24.183.224.125:137     *:*
>   UDP    24.183.224.125:138     *:*

137 and 138 UDP are also used for Windows file sharing.

>   UDP    127.0.0.1:1026         *:*
>   UDP    127.0.0.1:1041         *:*
>   UDP    127.0.0.1:1095         *:*

Good luck,

Lionel

- --
Phidani Software (http://www.phidani.be/)
RainCode Corp. (http://www.raincode.com/)
Personal Home Page: http://www.phidani.be/homes/lionel/
Tel: +32 2 522 06 63   Mobile: +32 477 710 386
PGP Key Id: 0x1834C977
PGP Key fingerprint: 1F3C CA11 8A82 BC50 99DC 29D3 D348 F8D9

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com

iQCVAwUBOxfO4gGQDBkYNMl3AQHaKgP/bpGYww4gUo9QMEb8qq0uSQWs26sL7Etw
iExWsr4EfSKLe7ysdMOfgce9+yP3LdwdaHE1UnpMz1QPryagDijhZX4BJAWBRL+o
h/vFTmGJBFrBZUamv0rgdKudnRBvCAy7K1/8fBv33gSlWpzIw4qQe2HimO6LiTzi
wn17Dv+ltfE=
=wrKj
-----END PGP SIGNATURE-----
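As an added example, not code from anyone in this thread, here is a small POSIX shell/awk script that reads a netstat listing like the one Aaron posted and reports each listening socket together with its bind scope: a socket bound to 127.0.0.1 is reachable only from the machine itself, while one bound to 0.0.0.0 or to the NIC's address (here 24.183.224.125) is reachable from the network, which is the distinction Lionel's reply turns on. The sample text is a constructed copy of the listing from the thread; the notes for 139/137/138 (Windows file sharing) and 1080 (SOCKS) follow Lionel's reply, the note for UDP 1900 (SSDP/UPnP discovery) is my addition, and 5000 is left as unknown, as it is in the thread.

```shell
#!/bin/sh
# Constructed copy of the "netstat -an" listing quoted in the thread.
NETSTAT_SAMPLE='Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    24.183.224.125:139     0.0.0.0:0              LISTENING
  UDP    24.183.224.125:1900    *:*
  UDP    24.183.224.125:137     *:*
  UDP    24.183.224.125:138     *:*
  UDP    127.0.0.1:1026         *:*
  UDP    127.0.0.1:1041         *:*
  UDP    127.0.0.1:1095         *:*'

# Print one line per listening socket: PROTO PORT SCOPE NOTE
#   SCOPE is "local"   when bound to 127.0.0.1 (only this machine can reach it)
#   SCOPE is "exposed" when bound to 0.0.0.0 or a real interface address
# Only IPv4 "addr:port" local addresses are handled (the format in the thread).
triage_listeners() {
    printf '%s\n' "$1" | awk '
        # Skip the banner, the header line and blank lines.
        $1 != "TCP" && $1 != "UDP" { next }
        # A TCP socket is a listener only in the LISTENING state;
        # every UDP socket in the listing is bound and receiving.
        $1 == "TCP" && $4 != "LISTENING" { next }
        {
            n = split($2, a, ":")
            addr = a[1]; port = a[n]
            scope = (addr == "127.0.0.1") ? "local" : "exposed"
            note = "unknown"
            if (port == 139 || port == 137 || port == 138) note = "windows-file-sharing"
            else if (port == 1080) note = "socks-proxy-port"
            else if (port == 1900) note = "ssdp-upnp-discovery"   # my addition, not from the thread
            print $1, port, scope, note
        }'
}

# Number of listeners reachable from the network; the figure to worry about.
count_exposed() {
    triage_listeners "$1" | awk '$3 == "exposed"' | wc -l | tr -d ' '
}

# Stand-alone run: show the triage for the sample listing.
triage_listeners "$NETSTAT_SAMPLE"
echo "exposed listeners: $(count_exposed "$NETSTAT_SAMPLE")"
```

Run it against real output by replacing the sample with the text of `netstat -an` from the Windows box; the three 127.0.0.1 sockets drop out of the exposed count, leaving the six that the NAT router and ZoneAlarm actually have to shield.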
On Fri, Jun 01, 2001 at 20:20 +0200, Lionel Ferette wrote:

> On Fri, 1 Jun 2001, A_Johnson-SuseML-e wrote:
>
> > PS: I know I can set up my Linux box to sniff at my Windows box... how would I do a thing like that? I was hoping to have a direct link from the WIN to the LINUX for the task... what do I use on the Linux box? nmap? I read about that someplace... any other tools? Thanks...
>
>     tcpdump -s 4096 -v > file
>
> This will sniff the line (both stations must be on the same LAN) and save the results in a file. tcpdump has a lot of options,
> you might be better off taking a look at the man page.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Definitely! Invoke "man tcpdump" and search for the -w and -r options. The above command is somewhat inflexible and its output very hard to analyse afterwards. Plus: some GUI type sniffer tools can take pcap files for their input. So you can simply record where the data is flowing by and yet have fancy analysis where you're comfortable at. :)

To the question's originator: Have you considered asking for "man -k network" or "man -k sniff"? Have you browsed the network and security groups in the package selection menu? Have you searched for "Network" related HowTos which might contain links on how to analyse and fix network problems?

virtually yours
82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above ask your parents or an adult to help you.
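As an added example, not Lionel's or Gerhard's code, here is a POSIX shell script for the record-then-analyse workflow Gerhard describes: capture with `tcpdump -w` into a pcap file, then read it back with `tcpdump -r` or open it in a GUI analyser. It assumes the Linux box's LAN interface is `eth0` and uses the placeholder address `192.0.2.10` for the Windows box (both are assumptions, adjust them); the ports passed to the capture are meant to be the ones from Aaron's listing. The capture filter is built from the host and port list so that only the traffic under investigation lands in the file.

```shell
#!/bin/sh
# Assumptions (not from the thread): adjust IFACE and WIN_HOST for your LAN.
IFACE="${IFACE:-eth0}"
WIN_HOST="${WIN_HOST:-192.0.2.10}"   # placeholder for the Windows box's LAN address

# Build a BPF capture filter limited to one host and an optional list of ports:
#   build_bpf_filter 192.0.2.10 139 1080  ->  host 192.0.2.10 and (port 139 or port 1080)
#   build_bpf_filter 192.0.2.10           ->  host 192.0.2.10
build_bpf_filter() {
    host="$1"; shift
    filter="host $host"
    if [ "$#" -gt 0 ]; then
        ports=""
        for p in "$@"; do
            ports="${ports:+$ports or }port $p"
        done
        filter="$filter and ($ports)"
    fi
    printf '%s\n' "$filter"
}

# Record raw packets to a pcap file instead of text.
#   -n  no name resolution (no DNS chatter while you sniff)
#   -s 0  whole packets rather than the first 4096 bytes
#   -w  write libpcap format; this is what GUI sniffers import
capture_to_pcap() {
    out="$1"; shift
    tcpdump -i "$IFACE" -n -s 0 -w "$out" "$(build_bpf_filter "$WIN_HOST" "$@")"
}

# Replay a saved capture as verbose text; the same file also opens in a GUI analyser.
read_pcap() {
    tcpdump -n -r "$1" -v
}

# Stand-alone run: only capture when tcpdump is present and explicitly requested,
# since it needs root and a real interface.
if [ "${RUN_CAPTURE:-0}" = 1 ] && command -v tcpdump >/dev/null 2>&1; then
    capture_to_pcap win.pcap 139 1080 5000 137 138
    read_pcap win.pcap
else
    echo "filter that would be used: $(build_bpf_filter "$WIN_HOST" 139 1080 5000 137 138)"
fi
```

Stop the capture with Ctrl-C once enough traffic has been seen; the pcap file can then be read as many times as needed, with different display filters, without touching the network again.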
> I know I may get flamed here but I do use Windows as much as I wish not to... so I am searching for a LIST about Windows security.

What security? It's very simple: Windows security is an oxymoron.

As for your other problem, just use modprobe(8), it's much friendlier than individual insmods. Why so many lists? You like a low profile, don't you?

regards
Rob
participants (4)
- A_Johnson-SuseML-e
- Gerhard Sittig
- Lionel Ferette
- Robert Davies