On Fri, 1 Jun 2001, A_Johnson-SuseML-e wrote:

> I know I may get flamed here but I do use windows as much as I wish not to.... so I am searching for a LIST about windows security. I think I may have a Trojan bot on my machine... akkk, they are like harpies (not herpies but harpies the little baby monsters), and Windows seems to be very susceptible to any germ out there.....

Well, for Windows security, head on to SecurityFocus' MS list. It's called focus-ms, and I think you have to send a mail to focus-ms-subscribe@securityfocus.com to... subscribe. In your case, you could also try their incident list (incident-subscribe@securityfocus.com). They are moderated, and usually of pretty good content.
> PS I know I can set up my linux box to sniff at my windows box... how would I do a thing like that. I was hoping to have a direct link from the WIN to the LINUX for the task... what do I use on the linux box? nmap? I read about that someplace... any other tools? Thanks...

    tcpdump -s 4096 -v > file

This will sniff the line (both stations must be on the same LAN), and save the results in a file. tcpdump has a lot of options, you might be better off taking a look at the man page.
> This is why I think I have a bot/Trojan, the first 2 lines, tcp port 1080 and 5000 and 139... they are up even when I have no IP assigned to my NIC, they are always there... and I have no idea what is going on at those ports. I have a firewall, Zonealarm and a linksys 4 port router that supports NAT... okay okay I am new to this stuff .... lol... but it's fun in some sick and twisted way that I can not figure out. So FLAME ON he he but with a side of help would be greatly appreciated. :)

No need to flame. There is already too much noise on this list.
> Active Connections
>
>   Proto  Local Address          Foreign Address        State
>   TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING

1080 is usually bound to a socks proxy.

>   TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING

??

>   TCP    24.183.224.125:139     0.0.0.0:0              LISTENING

139 is used by Windows for file sharing. This means your computer is maybe wide open for people to look at your files, if not put files you're not aware of on your computer. I'd freak out, if I were you.

>   UDP    24.183.224.125:1900    *:*
>   UDP    24.183.224.125:137     *:*
>   UDP    24.183.224.125:138     *:*

137 and 138 UDP are also used for Windows file sharing.

>   UDP    127.0.0.1:1026         *:*
>   UDP    127.0.0.1:1041         *:*
>   UDP    127.0.0.1:1095         *:*
Good luck,
Lionel

-- 
Phidani Software (http://www.phidani.be/)
RainCode Corp. (http://www.raincode.com/)
Personal Home Page: http://www.phidani.be/homes/lionel/
Tel: +32 2 522 06 63  Mobile: +32 477 710 386
PGP Key Id: 0x1834C977
PGP Key fingerprint: 1F3C CA11 8A82 BC50 99DC 29D3 D348 F8D9
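A small triage script, added here as an example and not part of the thread or of any of the tools mentioned in it: it applies Lionel's reasoning to a `netstat -an` listing, skipping sockets bound to loopback and annotating listeners on 0.0.0.0 or the external address with the port meanings the thread gives (plus the IANA assignment for UDP 1900). It assumes IPv4 addresses in the classic Windows netstat layout; the sample listing is the one quoted above, re-typed as a constructed string.

```python
import ipaddress
import re

# Constructed sample: the netstat -an listing quoted in the thread, re-typed in netstat's layout.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    24.183.224.125:139     0.0.0.0:0              LISTENING
  UDP    24.183.224.125:1900    *:*
  UDP    24.183.224.125:137     *:*
  UDP    127.0.0.1:1026         *:*
"""

# Port meanings: what the thread states, plus the IANA assignment for 1900. Anything else is "unknown".
PORT_NOTES = {
    ("tcp", 1080): "SOCKS proxy; not expected on a workstation",
    ("tcp", 139): "NetBIOS session service (Windows file sharing)",
    ("udp", 137): "NetBIOS name service (Windows file sharing)",
    ("udp", 1900): "SSDP (UPnP discovery)",
}

# Proto, local addr:port, foreign addr, optional state. IPv4 only (2001-era Windows output).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def scope_of(addr):
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all interfaces"
    return "external interface"


def exposed_listeners(netstat_text):
    """Return (proto, addr, port, scope, note) for each socket reachable from beyond localhost."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, state = m.groups()
        proto, port = proto.lower(), int(port)
        if proto == "tcp" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        scope = scope_of(addr)  # UDP has no state: any bound socket counts
        if scope == "loopback":
            continue  # reachable only from the machine itself
        note = PORT_NOTES.get((proto, port), "unknown; identify the owning process")
        found.append((proto, addr, port, scope, note))
    return found
```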