Printable View
Languards nice.. Never use shadow scanner that ****'s still "listening" on my netstat and i uninstalled it and deleted the keys more then a day ago.. Maybe it's just me.
Anyway, can anyone point me how to learn scripts for languard? It'd be nice to know.
Close that port that it's listening on "insidedout".
I prefer retina.
Retina is a great scanner.
If you don't understand how it works at first, try it on yourself so yuo can get a better understanding of it.
Retina,Iris,Xscanner, Etc Etc really pending on your current os.
- TuX
Ok guys, I just learned about the netsat command. So, I ran netstat -a, and here's what I have:
Active Connections
Proto Local Address Foreign Address State
TCP JAMES:ftp JAMES.HIFS:0 LISTENING
TCP JAMES:epmap JAMES.HIFS:0 LISTENING
TCP JAMES:microsoft-ds JAMES.HIFS:0 LISTENING
TCP JAMES:1056 JAMES.HIFS:0 LISTENING
TCP JAMES:1076 JAMES.HIFS:0 LISTENING
TCP JAMES:1133 JAMES.HIFS:0 LISTENING
TCP JAMES:1162 JAMES.HIFS:0 LISTENING
TCP JAMES:1540 JAMES.HIFS:0 LISTENING
TCP JAMES:2058 JAMES.HIFS:0 LISTENING
TCP JAMES:2062 JAMES.HIFS:0 LISTENING
TCP JAMES:2063 JAMES.HIFS:0 LISTENING
TCP JAMES:42510 JAMES.HIFS:0 LISTENING
TCP JAMES:1161 JAMES.HIFS:0 LISTENING
TCP JAMES:1161 JAMES.HIFS:1162 ESTABLISHED
TCP JAMES:1162 JAMES.HIFS:1161 ESTABLISHED
TCP JAMES:netbios-ssn JAMES.HIFS:0 LISTENING
TCP JAMES:1073 JAMES.HIFS:0 LISTENING
TCP JAMES:1073 DATASERV0:netbios-ssn ESTABLISHED
TCP JAMES:1133 FMKSERV:5003 ESTABLISHED
TCP JAMES:1540 JAY:microsoft-ds ESTABLISHED
TCP JAMES:2058 216.239.41.99:http ESTABLISHED
What does this tell me? Are the ports marked as "listening" of any concern? I know all the ports from 1162 down are for local network stuff, but I'm still trying to learn how to read what I'm looking at. If there was something malicious going on, what might it look like (just an example or something)?
if you run netstat -ano you will get more usefull info.
for a list of all the netstat commands just type "netstat ?" no quotes.