I think it doesn't work right unless you've got root access ;-)
"Why are my first 1024 ports open???" "oh yea, duh"
Nice script :) Thanks!
Matt Simmons
Network Administrator
Wirefire Internet Services
On Thursday 31 July 2003 04:18 pm, Daniel B. Cid wrote:
> I saw some people talking about rootkits that hidden process/ports.
> One think that i always do to see what ports are open is to run this
> perl script:
>
>
> use IO::Socket;
> for($i=0;$i<=65555;$i++)
> {
> $server[$i] = IO::Socket::INET->new(
> Proto => 'tcp',
> LocalPort => $i,
> Listen => SOMAXCONN,
> Reuse => 1) or print "Port $i Open \n" unless $server[$i];
> close ($server[$i]);
> }
>
> This is good because if "netstat" or "lsof" or "fuser" or any other
> program is trojaned , or if it has any firewall and nmap is not finding
> all the open ports, this script will show ... The other benefit is that
> you cant hidden from it using any LKM code...
> What do you thing ?
>
> thanks
>
> Daniel B. Cid
>
>
>
>
>
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
>-
---------------------------------------------------------------------------
----------------------------------------------------------------------------
