PortScans and Trojans... - TechRepublic
General discussion
March 26, 2003 at 06:01 AM
dgemcse

PortScans and Trojans…

by dgemcse . Updated 23 years ago

Need some help thinking like a hacker…
Security or IDS has never been something I could spend a lot of time on here, as I am a one man army.
Demo’d Retina, and find that there are ports open on certain machines for known trojans. This, after we were hit hard by some backdoors that killed AV on a lot of machines, from a remote user bringing his machine in here and connecting (ouch!)
Anyway, netstat on local machines does NOT show the same ports that the portscans are showing as open. Ex: Retina shows 1045 Rasmin on one machine, but a local netstat does not. Why is that?
What other tools are out there for this kind of detection? I am not good with a sniffer. Was using Super Scan as well as Retina, and they are both showing similar info. Why can I not see this in netstat, and what does it really mean? Infected or not? AV is running and no hits there.

Why would the portscanners show this as open, but not see it locally? Any good reading, or other sources of info for using portscanners to track down other trojans that might be lurking about?

Thanx!!
