[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vuln-dev
Subject:    [Fwd: INZIDER!]
From:       Blue Boar <BlueBoar () THIEVCO ! COM>
Date:       1999-11-20 7:50:10
[Download RAW message or body]

"Joe L. White" wrote:
> 
> in the documentation for inzider, it clearly states that the program may need to be \
> run more than once in order to detect all bound ports. i have found mixed results \
> (inconsistent) as to how many processes are detected in each subsequent run of the \
> program. 
> original website for tool:  http://www.bahnhof.se/~winnt/toolbox/inzider/
> current website:  http://ntsecurity.nu/toolbox/inzider/
> 
> from the documentation posted at the website:
> 
> What is inzider?
> 
> This is a very useful tool which lists the current processes in your Windows system \
> and the ports each one listen on. It is written to work on Windows NT and Windows \
> 9x, and I know of no other program which does what inzider does. There have been \
> some stability problems on Windows 9x, which I thought were solved but were still \
> left although not as frequent. In the new version (1.2) I have done a few changes \
> to improve both stability and reliability. I guess there is still much left to wish \
> for, but over all I think inzider is a success, and it's quite popular despite the \
> problems. On Windows NT, inzider is still unable to check processes which are \
> started as services. Yet, it's very useful - for example, check out this page about \
> inzider vs. bo2k (Back Orifice 2000). Keep your eyes open in the future, there will \
> most likely come new improved versions. 
> How do I use this tool?
> 
> Download the install program file and run it. The install program is created with \
> the freeware (for non commercial use) GkSetup written by Gero Kühn. After \
> installation, run inzider from the Start menu. It will take some seconds and then \
> you will see a list of processes and which ports they listen on. Sometimes all \
> processes aren't listed on the first try. If this happens, close the program and \
> restart it. Repeat this until all processes are shown (which usually takes at most \
> 2-3 tries). To minimize the risks of experiencing problems, please save all unsaved \
> work before running inzider. Also close any valuable documents and similar that you \
> have open. After you finish using inzider, reboot the system to guarantee it's \
> stability. 
> also, an faq for the tool is posted here:
> 
> http://ntsecurity.nu/toolbox/inzider/faq.shtml
> 
> hope this helps,
> 
> joe
> 
> <<<>>>
> 
> Please respond to BlueBoar@THIEVCO.COM@Internet
> To:     VULN-DEV@SECURITYFOCUS.COM@Internet
> cc:
> Subject:        Re: INZIDER!
> 
> Wolfgang Gassner wrote:
> > 
> > INZIDER???
> > 
> > This prog isnt working good, maybe its a kind of new
> > Trojan or Virus!!!!!
> 
> Any reason to suspect that, or is this wild speculation?
> 
> > I tested it running Netbus and Back Orifice on it and it doesnt
> > detected it!!
> 
> ... Implying that you thought it was a carrier for Netbus or BO??
> 
> > 
> > It only gives some Information on Port 135, 139 ....
> 
> Which is what it's supposed to do, right?  Did it miss some ports?
> 
> > 
> > I believe the best an reliable way to determine which port is open
> > is              netstat -an !!!
> > 
> 
> How about posting a comparison output from the two on your machine?
> 
> BB


[prev in list] [next in list] [prev in thread] [next in thread]