Re: Secure.dcom.exe
- To: Lee Evans <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
- Subject: Re: Secure.dcom.exe
- From: Javier Liendo <[EMAIL PROTECTED]>
- Date: Wed, 6 Aug 2003 16:59:08 -0700 (PDT)
- In-reply-to: <[EMAIL PROTECTED]>
- Reply-to: [EMAIL PROTECTED]
Hello,
For a great sniffer I would recommend Ethereal... take a look at http://www.ethereal.com/ ...
but first you'll have to install WinPcap; take a look at http://winpcap.polito.it/
Hope this helps.
Regards,
Javier
--- Lee Evans <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I have found an executable called secure.dcom.exe when looking around a
> customer's server. They hadn't patched the server above SP4 and I assume it
> has been exploited using the RPC DCOM vulnerability. A Serv-U FTP server has
> been installed, but I'm still looking into it to see if I can spot anything
> else. Netstat shows a bunch of outgoing connections to 6667 -
> irc.homelien.no. Unfortunately there are no IDS or other systems on this
> network segment I can use, so I'm looking for some way to capture this traffic
> and hopefully track down some more details on the IRC traffic - if anyone
> can recommend a good (preferably free) traffic sniffer I can quickly install
> on the host locally (win2k sp4) to decode the IRC traffic I would be
> grateful.
>
> The exe is available from http://www.leeevans.org/secure.dcom.exe - if
> anyone wants a look. I'd be interested to know more about it, if anyone has
> come across it before or can find out.
>
> Regards
> Lee
> --
> Lee Evans