[LINK] One must wonder
Adam Neat
adamneat at anoti.com
Thu Sep 1 18:05:09 EST 2005
Richard,
A fair point. That said, I travel around Asia quite a lot and I find that
when I'm plugged into a hotel broadband network, in some countries, my
laptop is being thumped by port knocking and various attempts to get in.
I was in a hotel in Korea about a month or so back and my machine was being
so badly hit that the CPU was running at around 40% even without me running
any other apps.
F-Port helped to track down a Trojan that had been dropped in which wasn't
picked up by the virus scanner.
Cheers,
Adam
-------------------------------------------------
Adam Neat | Melbourne, Australia
email: adamneat at anoti.com
msn: adamneat_ at hotmail.com
web: http://www.anoti.com/adamneat/
-------------------------------------------------
>
> I suspect however F-port - or a similar request of any command line tool
> - may be too opaque for most users - see below.
>
> I'd much rather set paranoid firewall rules, on the basis that if I find
> that something refuses to work, I can change the rules accordingly...
>
> RC
> ---------------------------------------------------------------------
> Pid Process Port Proto Path
> 812 -> 135 TCP
> 4 System -> 139 TCP
> 4 System -> 445 TCP
> 168 -> 1026 TCP
> 412 thunderbird -> 1031 TCP C:\Program Files\Mozilla Thunderbird\thunderbird.exe
> 412 thunderbird -> 1032 TCP C:\Program Files\Mozilla Thunderbird\thunderbird.exe
> 0 System -> 1314 TCP
> 0 System -> 1315 TCP
> 0 System -> 1316 TCP
> 0 System -> 1317 TCP
> 0 System -> 1335 TCP
> 0 System -> 1336 TCP
>
> 0 System -> 123 UDP
> 412 thunderbird -> 123 UDP C:\Program Files\Mozilla Thunderbird\thunderbird.exe
> 0 System -> 137 UDP
> 0 System -> 138 UDP
> 812 -> 445 UDP
> 4 System -> 500 UDP
> 168 -> 1027 UDP
> 0 System -> 1028 UDP
> 4 System -> 1029 UDP
> 0 System -> 1034 UDP
> 412 thunderbird -> 4500 UDP C:\Program Files\Mozilla Thunderbird\thunderbird.exe
>
> Adam Neat wrote:
>
> >If people are keen to understand what processes running on their Windows
> >box are making network connections, look for a tool called F-Port. Lists all
> >network connections (in all states) in a similar manner to netstat, but then
> >also associates each process to network connections (in all states).
> >
> >Also take a look at what Network Ice and McAfee offer in the way of system
> >monitoring - both can be set up to watch your machine for applications that
> >are starting up and/or attempting to access the network.
> >
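
Added example (not part of the original messages, and not F-Port's own code): a small Python parser for the listing quoted above that undoes the mail quoting and line wrapping and groups the open ports per process, which makes the output easier to read. The function names are illustrative, and rejoining a wrapped path with a single space is an assumption.

```python
import re
from collections import defaultdict

# A few rows copied from the listing quoted in this thread, with the mail
# quoting ("> ") and the wrapped path lines left exactly as they were posted.
SAMPLE = r"""
> Pid Process Port Proto Path
> 812 -> 135 TCP
> 4 System -> 445 TCP
> 412 thunderbird -> 1031 TCP C:\Program Files\Mozilla
> Thunderbird\thunderbird.exe
> 412 thunderbird -> 4500 UDP C:\Program Files\Mozilla
> Thunderbird\thunderbird.exe
> 0 System -> 123 UDP
"""

# pid, optional process name, "->", port, protocol, optional image path
ROW = re.compile(r"^(\d+)\s+(.*?)\s*->\s*(\d+)\s+(TCP|UDP)\s*(.*)$")

def parse_fport(text):
    """Return one dict per endpoint row; missing name or path becomes None."""
    rows = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()  # drop mail quote markers
        if not line or line.startswith("Pid "):      # blank line or header
            continue
        m = ROW.match(line)
        if m:
            pid, name, port, proto, path = m.groups()
            rows.append({"pid": int(pid), "process": name or None,
                         "port": int(port), "proto": proto, "path": path or None})
        elif rows and rows[-1]["path"]:
            # Assumption: a non-row line continues a path the mailer wrapped.
            rows[-1]["path"] += " " + line
    return rows

def by_process(rows):
    """Group endpoints per (pid, process) so each program is listed once."""
    grouped = defaultdict(lambda: {"path": None, "endpoints": []})
    for r in rows:
        g = grouped[(r["pid"], r["process"])]
        g["path"] = g["path"] or r["path"]
        g["endpoints"].append(f'{r["port"]}/{r["proto"]}')
    return dict(grouped)

if __name__ == "__main__":
    for (pid, name), g in sorted(by_process(parse_fport(SAMPLE)).items(), key=lambda kv: kv[0][0]):
        print(pid, name or "(no name reported)", ", ".join(g["endpoints"]), g["path"] or "(no path reported)")
```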