Hosting Provided By

Re: ghostly mail ports

From: GSimmonds <gsimmonds(at)primus.ca>
Date: Sat Jan 11 2003 - 17:15:41 EST

Original Message ----- From: "joe" <joseph.beard@btopenworld.com> To: <security-basics@securityfocus.com> Sent: Tuesday, January 07, 2003 7:45 PM Subject: ghostly mail ports

--

> -

>

> Scan finished at Wed Jan 08 00:37:09 2003

>

> 1 IP and 1000 ports scanned in 0 hours 0 mins 18.16 secs

>

> but in netstat, activeports, fport they dont! does anybody know where they

> have come from? i googled for ages but dont seem to be getting anywhere.


I'm curious about the discrepancy between the scanner and the port monitor
outputs. First thing I would do, if you're scanning from another machine, is
double check your IP address. If you're scanning from your machine, replace
192.168.0.1 with 127.0.0.1 and see what that shows.

You're correct in saying that an open port requires a process behind it.
Maybe you read this article already, might give you some ideas.
2. Windows Forensics: A Case Study, Part One
by Stephen Barish
http://online.securityfocus.com/infocus/1653

Of course, sans.org will also have some good walkthroughs.

Regards,

Gary

Received on Tue Jan 14 20:36:40 2003

This message: [ Message body ]
Next message: John C. Dack: "RE: Network Scan"
Previous message: Smith, Paul C.: "RE: Account lockout"
In reply to: joe: "ghostly mail ports"
In reply to Security Newsletters-TM: "RE: ghostly mail ports"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:35 EDT