I saw some people talking about rootkits that hidden process/ports.
One think that i always do to see what ports are open is to run this
perl script:
use IO::Socket;
for($i=0;$i<=65555;$i++)
{
$server[$i] = IO::Socket::INET->new(
Proto => 'tcp',
LocalPort => $i,
Listen => SOMAXCONN,
Reuse => 1) or print "Port $i Open \n" unless $server[$i];
close ($server[$i]);
}
This is good because if "netstat" or "lsof" or "fuser" or any other
program is trojaned , or if it has any firewall and nmap is not finding
all the open ports, this script will show ... The other benefit is that
you cant hidden from it using any LKM code...
What do you thing ?
thanks
Daniel B. Cid
---------------------------------------------------------------------------
----------------------------------------------------------------------------
