Quote:
As a port blocker:
If you have port 139 open (or any other port associated with a service) you can block file sharing and instead send a message to anyone connecting:
NC -L -s xxx.xxx.xxx.xxx -p 139 -e warning.bat
Warning.bat:
@echo off
call netstat -n
echo Now get the hell out of here lamer!
Call netstat -n >>nclog.txt
When someone telnets to your 139 they will see a record of their connection and someone telling them to beat it, plus you keep a record in a text file and their connection is closed when the batch file (or other executable) finishes.
To do this and catch the data before netbios gets it, you must anchor nc to this interface on that port. This is done with the '-s' and '-p' options, which in this case would be the ip assigned to this connection (interface) and -p 139. If netbios was not enabled the -s option would not be necessary unless you had 2 interfaces (multi-homed).
Even more aggressive strategies can be used on, say, well-known Trojan ports. It's up to your imagination and the law.
That's not going to do you much good if you haven't uninstalled that trojan... it has keylogging capabilities....
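An added example, not part of the quoted text or of either poster's message: the bind-to-one-interface listener described in the quote, written in Python so that each connection is logged and answered with a fixed notice without handing the socket to an external program as `-e` does. The function names, notice text and log line format are assumptions made for this sketch.

```python
import datetime
import socket
import sys

# Constructed notice text sent to every client before the connection is closed.
NOTICE = b"Connection logged. This service is not available.\r\n"


def make_listener(bind_ip, port):
    """Listen on one specific interface address (nc -s) and port (nc -p).

    bind() raises OSError if the address is not local or the OS refuses
    to share the port with a service that already holds it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_ip, port))
    srv.listen(5)
    return srv


def serve(srv, log_path, max_conns=None):
    """Accept connections, append one log line per peer, send NOTICE, close.

    Returns the number of connections handled (runs forever if max_conns is None).
    """
    handled = 0
    while max_conns is None or handled < max_conns:
        conn, (peer_ip, peer_port) = srv.accept()
        with conn:
            local_ip, local_port = conn.getsockname()
            stamp = datetime.datetime.now(datetime.timezone.utc).isoformat()
            # Write the record before replying so it survives a client reset.
            with open(log_path, "a") as log:
                log.write(f"{stamp} {peer_ip}:{peer_port} -> {local_ip}:{local_port}\n")
            conn.sendall(NOTICE)
        handled += 1
    return handled


if __name__ == "__main__":
    # Usage: python listener.py <interface-ip> <port>
    serve(make_listener(sys.argv[1], int(sys.argv[2])), "nclog.txt")
```
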