[LINK] One must wonder

Howard Lowndes lannet at lannet.com.au
Thu Sep 1 20:58:16 EST 2005



Adam Neat wrote:
> Richard,
> 
> A fair point. That said, I travel around Asia quite a lot and I find that
> when I'm plugged into a hotel broadband network, in some countries, my
> laptop is being thumped by port knocking and various attempts to get in. 
> 
> I was in a hotel in Korea about a month or so back and my machine was being
> so badly hit that the CPU was running at around 40% even without me running
> any other apps. 
> 
> F-Port helped to track down a Trojan that had been dropped in which wasn't
> picked up by the virus scanner. 

Which proves the point why you should not run Winders.

> 
> Cheers,
> 
> Adam
> 
> -------------------------------------------------
> Adam Neat | Melbourne, Australia
> email:  adamneat at anoti.com   
> msn:    adamneat_ at hotmail.com
> web:    http://www.anoti.com/adamneat/
> -------------------------------------------------
>  
> 
> 
>>I suspect however F-port - or a similar request of any command line tool
>>- may be too opaque for most users - see below.
>>
>>I'd much rather set paranoid firewall rules, on the basis that if I find
>>that something refuses to work, I can change the rules accordingly...
>>
>>RC
>>---------------------------------------------------------------------
>>Pid   Process            Port  Proto Path
>>812                  ->  135   TCP
>>4     System         ->  139   TCP
>>4     System         ->  445   TCP
>>168                  ->  1026  TCP
>>412   thunderbird    ->  1031  TCP   C:\Program Files\Mozilla Thunderbird\thunderbird.exe
>>412   thunderbird    ->  1032  TCP   C:\Program Files\Mozilla Thunderbird\thunderbird.exe
>>0     System         ->  1314  TCP
>>0     System         ->  1315  TCP
>>0     System         ->  1316  TCP
>>0     System         ->  1317  TCP
>>0     System         ->  1335  TCP
>>0     System         ->  1336  TCP
>>
>>0     System         ->  123   UDP
>>412   thunderbird    ->  123   UDP   C:\Program Files\Mozilla Thunderbird\thunderbird.exe
>>0     System         ->  137   UDP
>>0     System         ->  138   UDP
>>812                  ->  445   UDP
>>4     System         ->  500   UDP
>>168                  ->  1027  UDP
>>0     System         ->  1028  UDP
>>4     System         ->  1029  UDP
>>0     System         ->  1034  UDP
>>412   thunderbird    ->  4500  UDP   C:\Program Files\Mozilla Thunderbird\thunderbird.exe
>>
>>Adam Neat wrote:
>>
>>
>>>If people are keen to understand what processes running on their Windows box
>>>are making network connections, look for a tool called F-Port. Lists all
>>>network connections (in all states) in a similar manner to netstat, but then
>>>also associates each process to network connections (in all states).
>>>
>>>Also take a look at what Network Ice and McAfee offer in the way of system
>>>monitoring - both can be set up to watch your machine for applications that
>>>are starting up and/or attempting to access the network.
>>>
> 
> 
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
> 

-- 
Howard.
LANNet Computing Associates - Your Linux people <http://lannet.com.au>
-- 
When you just want a system that works, you choose Linux;
When you want a system that just works, you choose Microsoft.
-- 
Flatter government, not fatter government;
Get rid of the Australian states.
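
Added example, not part of the original messages: a small parser for a listing in the layout quoted above, which rejoins paths wrapped by the mail client and picks out the rows that show neither a process name nor a path. The sample text is constructed from that layout, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the quoted listing (not captured data).
SAMPLE = """\
Pid   Process            Port  Proto Path
812                  ->  135   TCP
4     System         ->  445   TCP
412   thunderbird    ->  1031  TCP   C:\\Program Files\\Mozilla
Thunderbird\\thunderbird.exe
168                  ->  1027  UDP
0     System         ->  137   UDP
"""

# One row: pid, optional process name, "->", port, protocol, optional path.
ROW = re.compile(
    r"^(?P<pid>\d+)\s+(?P<name>\S*?)\s*->\s+(?P<port>\d+)\s+"
    r"(?P<proto>TCP|UDP)\s*(?P<path>.*)$"
)

def parse_fport(text):
    """Parse the listing into dicts; tolerates '>' quote marks and wrapped paths."""
    rows = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["pid"], row["port"] = int(row["pid"]), int(row["port"])
            rows.append(row)
        elif line and not line.startswith(("Pid", "---")) and rows and rows[-1]["path"]:
            # A non-row line after a row with a path is the wrapped tail of that path.
            rows[-1]["path"] += " " + line
    return rows

def unattributed(rows):
    """Group ports by PID for rows that list neither a process name nor a path."""
    by_pid = defaultdict(list)
    for r in rows:
        if not r["name"] and not r["path"]:
            by_pid[r["pid"]].append(f'{r["port"]}/{r["proto"]}')
    return dict(by_pid)

if __name__ == "__main__":
    for pid, ports in unattributed(parse_fport(SAMPLE)).items():
        print(f"PID {pid}: no process name or path for {', '.join(ports)}")
```
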
