This tool is only for NT and Windows 2000.
You can always use Inzider or other tools.
(http://ntsecurity.nu/toolbox/)
Erwin
-----Original Message-----
From: Michael Thumann
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 9 January 2001 15:32
To: [EMAIL PROTECTED]
Subject: Re: ping activity originating from my home machine
There's a command-line tool available on
http://www.foundstone.com/resources/tools.html that's called FPort.
It maps the listening TCP and UDP ports to the running process, so you can
figure out which application is generating the traffic. I've only tested
this useful little program on WinNT but never on WinME, but I think it
will work.
Hope that helps ;-)
Michael
> ------------------------------
>
> Date: Mon, 8 Jan 2001 11:09:23 -0700
> From: "Mike Forrester" <[EMAIL PROTECTED]>
> Subject: RE: ping activity originating from my home machine
>
> My home PC is an HP and they have a bunch of junk installed by default.
> The one app that annoyed me was some sort of auto-update program that
> looked for updates and automatically updated the system. Do a netstat -a
> (or -an for no names) and see what ports are open. If you're trying to
> figure out which app is the culprit, install a sniffer
> (ethereal.zing.org) and see if you can match the source port with the
> packets going to ans.net. Also, Zone Alarm and Norton Personal Firewall
> are much more helpful when trying to figure this stuff out as they inform
> you when an app tries to connect out.
>
> I rebuilt my HP and it works much better now. Most of the drivers you
> need are on one of the CDs that comes with it...
>
> Mike
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Coleman
> Sent: Monday, January 08, 2001 8:49 AM
> To: [EMAIL PROTECTED]
> Subject: ping activity originating from my home machine
>
> Hello,
>
> I recently bought a new (WinME HP 850MHz) machine for my personal use at
> home, attached it to a cable modem, and the next day installed BlackICE
> to help protect it. I have since noticed a lot of ICMP traffic that
> BlackICE was considering to be a ping flood attack. After attaching a
> network sniffing package I found that my machine was trying to ping
> address 207.26.131.137 (ans.net), the packets were timing out, and the
> ICMP packet was the notification of that ttl expiration.
>
> My question is why would my brand new WinME system be trying to ping a
> nonexistent machine at ans.net? I can only imagine that it might be some
> kind of backdoor notification of a newly compromised system. If it has
> been compromised then they must have done it within the first 24 hours
> of having it plugged in. Has anyone else seen this kind of traffic going
> through their firewall or did the people configuring my OS (i.e. Best
> Buy) install something I don't need/want installed?
>
> Thanks for your help.
>
> --
> Steve Coleman <[EMAIL PROTECTED]> http://www.jhuapl.edu/
> High Performance, fault tolerant, distributed, real-time computing
> <<-------->> Johns Hopkins Applied Physics Laboratory <<--------->>
> Balt:443-778-6330 Fax:443-778-5597 Wash:240-228-6330 Fax:240-228-5597
> - -
--
Michael Thumann
Sparkasse Singen-Radolfzell
Sitz: 78224 Singen
Registergericht:Singen HRA 943
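
The netstat step suggested in the quoted reply above, as an added example that is not part of the original thread: it parses Windows `netstat -an` output, lists the open ports, and returns the local source ports of any socket to a given remote address so they can be matched against a sniffer capture. The sample output, the 192.168.0.10 and 192.0.2.25 addresses and all function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from the original thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1043      207.26.131.137:80      SYN_SENT
  TCP    192.168.0.10:1051      192.0.2.25:110         ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    192.168.0.10:1044      *:*
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; a wildcard port stays as '*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else port)

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, remote, state = m.groups()
        laddr, lport = split_endpoint(local)
        raddr, rport = split_endpoint(remote)
        rows.append({"proto": proto, "laddr": laddr, "lport": lport,
                     "raddr": raddr, "rport": rport, "state": state or ""})
    return rows

def ports_talking_to(rows, remote_ip):
    """Local (proto, port) pairs with a socket to remote_ip: the source ports to find in the capture."""
    return sorted({(r["proto"], r["lport"]) for r in rows if r["raddr"] == remote_ip})

def open_ports(rows):
    """Listening TCP ports plus bound UDP ports."""
    return sorted({(r["proto"], r["lport"]) for r in rows
                   if r["state"] == "LISTENING" or r["proto"] == "UDP"})

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print("open ports:", open_ports(rows))
    print("sockets to 207.26.131.137:", ports_talking_to(rows, "207.26.131.137"))
```

netstat lists only TCP and UDP endpoints, so ICMP echo packets themselves never appear in its output; the capture is what shows those.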
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]