[wplug] port scans

Henry Umansky hmust2+ at pitt.edu
Thu Oct 24 15:10:42 EDT 2002


Good call, I used my Mac OSX network utility to run a portscan.  I don't 
think my machine was compromised; I was just wondering about a way I can keep 
track of ports used on my machine for situations if it was compromised.

-Henry

--On Thursday, October 24, 2002 3:04 PM -0400 coldfire <rolick571 at duq.edu> 
wrote:

>> > Is there any tool for linux that will let me see what ports are open
>> > on my  local machine??  Sort of like a portscanner, but only for the
>> > local machine.
>>
>> /bin/netstat
>>
>> `/bin/netstat -pan` will tell you every port open on your system, what
>> it's connected to, what transport protocol it's using, and the process
>> that opened it.
>
> this, provided the machine has not been compromised and netstat is indeed
> the original binary which came with the distribution :)
>
> if you are just checking to see which ports are open and which processes
> might have opened these ports, netstat is definitely the way to go ('man
> netstat' .. but i mostly just use the netstat -apn mentioned earlier).
>
> however, if you suspect the machine was compromised, you should most
> definitely scan the machine from another trusted source using a utility
> such as nmap.  the reasoning is that if a machine is compromised and some
> arbitrary port is opened up (such as 6667 which has been the most popular
> lately), then the attacker may have altered netstat in such a way that it
> won't report port 6667 as open even if it is.
>
>
> coldie
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug



Henry Umansky
University of Pittsburgh
Systems/Programmer III
www.pitt.edu/~hmust2
hmust2 at pitt.edu
(412)624-4357
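
The cross-check described in the quoted reply, as an added example that is not part of the original thread: it compares what `netstat -pan` reports on the host with what a scan from a second, trusted machine (nmap grepable output, `-oG`) sees as open. Both inputs, the address 192.168.1.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample: `netstat -pan` output captured on the host being checked.
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*           LISTEN      612/sshd
tcp        0      0 127.0.0.1:631     0.0.0.0:*           LISTEN      701/cupsd
tcp        0      0 0.0.0.0:3306      0.0.0.0:*           LISTEN      830/mysqld
tcp        0      0 192.168.1.10:22   192.168.1.20:51514  ESTABLISHED 1301/sshd
udp        0      0 0.0.0.0:68        0.0.0.0:*                       580/dhclient
"""

# Constructed sample: grepable nmap output produced on a trusted second machine.
NMAP_SAMPLE = (
    "Host: 192.168.1.10 ()\tStatus: Up\n"
    "Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 6667/open/tcp//irc///\n"
)

def local_listeners(netstat_text):
    """Map port -> PID/program for TCP LISTEN sockets reachable from the network."""
    ports = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only listeners cannot be seen by a remote scan
        ports[int(port)] = f[6] if len(f) > 6 else "-"
    return ports

def scanned_open(nmap_text):
    """Set of TCP ports the external scan marked open."""
    found = set()
    for line in nmap_text.splitlines():
        if "Ports:" in line:
            found.update(int(m.group(1)) for m in re.finditer(r"(\d+)/open/tcp/", line))
    return found

def compare(netstat_text, nmap_text):
    """Return (ports open from outside but missing from netstat, ports netstat lists but the scan did not reach)."""
    local = set(local_listeners(netstat_text))
    remote = scanned_open(nmap_text)
    return sorted(remote - local), sorted(local - remote)

if __name__ == "__main__":
    hidden, unreached = compare(NETSTAT_SAMPLE, NMAP_SAMPLE)
    print("open externally but NOT reported by netstat:", hidden)
    print("reported by netstat but not seen by scan (filtered?):", unreached)
```

A port in the first list is the case the reply warns about: the local tool is not reporting something that is reachable from the network. A port in the second list usually just means a firewall sits between the two machines.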



