From: Andre Protas (aprotas@eeye.com)
Date: Thu Jul 21 2005 - 13:51:25 EDT
'netstat -ao' and correlate to your PID.
Signed,
Andre Derek Protas
Security Researcher
eEye Digital Security
aprotas eeye com
-----Original Message-----
From: Bartholomew, Brian J [mailto:BartholomewBJ@state.gov]
Sent: Thursday, July 21, 2005 9:47 AM
To: thenightweighsheavy@gmail.com; pen-test@securityfocus.com
Subject: RE: Unknown App
A simple Fport should tell you what it is...
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subc
ontent=/resources/proddesc/fport.htm
Brian J. Bartholomew (CISSP)
Red Cell
US Department of State
Bureau of Diplomatic Security
Office of Computer Security
Ph: 571-345-2670
Cell: 202-369-6349
-----Original Message-----
From: thenightweighsheavy@gmail.com
[mailto:thenightweighsheavy@gmail.com]
Sent: Thursday, July 21, 2005 2:56 AM
To: pen-test@securityfocus.com
Subject: Unknown App
Hello,
During a recent pen-test, I discovered that port 80 is opened by an
unknown application on multiple client workstations (WinXP). No web
server appears to be running or installed - I've tested a few things,
but I'm curious what the list thinks is the best next-step to take.
Thanks,
Golden Earring
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:37 EDT