Bigwig is a systems administrator at a public university
Kehaar is the head web developer for a regional newspaper
Woundwort is a professor of counseling at a private university
January 22, 2004

Wearing the Red Shirt

Just back from my GIAC Security Essentials class. No one was given access to the class materials until Tuesday, so I didn't have to prepare a presentation for that as well as the Weblogs seminar.

It's been moved to next week, instead. Since there was no real class, the instructor went over a couple of the tools IT security uses here for troubleshooting problems.

On Windows machines, the first in the line of battle are fport and pskill. I've downloaded both, but my work PCs aren't actually all that interesting.

Here's what I found:

FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
408 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
720 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
8 System -> 1026 TCP
1252 afsd_service -> 1074 TCP C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
8 System -> 1082 TCP
1680 aruser -> 1254 TCP C:\Program Files\Remedy\aruser.exe
3624 SecureCRT -> 1255 TCP C:\Program Files\SecureCRT 3.0\SecureCRT.EXE
3144 iTunes -> 1765 TCP C:\Program Files\iTunes\iTunes.exe
3200 IEXPLORE -> 2064 TCP C:\Program Files\Internet Explorer\IEXPLORE.EXE
3200 IEXPLORE -> 2065 TCP C:\Program Files\Internet Explorer\IEXPLORE.EXE
3200 IEXPLORE -> 2066 TCP C:\Program Files\Internet Explorer\IEXPLORE.EXE
3200 IEXPLORE -> 2067 TCP C:\Program Files\Internet Explorer\IEXPLORE.EXE
3200 IEXPLORE -> 2068 TCP C:\Program Files\Internet Explorer\IEXPLORE.EXE
3200 IEXPLORE -> 2069 TCP C:\Program Files\Internet Explorer\IEXPLORE.EXE
3200 IEXPLORE -> 2072 TCP C:\Program Files\Internet Explorer\IEXPLORE.EXE
1964 svchost -> 3523 TCP C:\WINNT\System32\svchost.exe
800 svchost -> 3825 TCP C:\WINNT\system32\svchost.exe
800 svchost -> 3827 TCP C:\WINNT\system32\svchost.exe
800 svchost -> 3831 TCP C:\WINNT\system32\svchost.exe
1016 OUTLOOK -> 3845 TCP C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
1184 aim -> 4506 TCP C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
1184 aim -> 4512 TCP C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
1184 aim -> 5180 TCP C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
408 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
228 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
436 spoolsv -> 1028 UDP C:\WINNT\system32\spoolsv.exe
1252 afsd_service -> 1075 UDP C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
3200 IEXPLORE -> 1382 UDP C:\Program Files\Internet Explorer\IEXPLORE.EXE
1984 afscreds -> 2434 UDP C:\Program Files\OpenAFS\Client\Program\afscreds.exe
1184 aim -> 2459 UDP C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
3144 iTunes -> 5353 UDP C:\Program Files\iTunes\iTunes.exe
1252 afsd_service -> 7001 UDP C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
932 MsgSys -> 38037 UDP C:\WINNT\system32\MsgSys.EXE

An open port 139 would normally be considered bad, but UNC is blocking the traffic that would normally exploit it. I've turned off File and Print Sharing as well, so there's nothing to see behind it. Port 1026 is used to deliver message spam, but I haven't seen any of that lately, so it must be getting blocked as well.

I recognize everything else, so there are no untoward processes running on my systems. I'm hoping the home systems will be equally dull.
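The review above (recognize every image that owns a socket, and look twice at the ports you care about) is easy to automate once you have more than one box to check. The following is an added example, not code from the post or from Foundstone: it parses fport v2.0's output format and flags any socket owned by an image outside a recognised list, plus any port on a watch list. The known-image list, the watch list and the last sample line are constructed for the demo; the other sample lines are excerpted from the run above.

```python
import re
from typing import NamedTuple

class PortEntry(NamedTuple):
    pid: int
    process: str
    port: int
    proto: str
    path: str  # empty for kernel-owned sockets (pid 8 "System" on Windows 2000)

# One fport v2.0 data line: "<pid> <process> -> <port> <proto> [<path>]"
LINE_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*?)\s*$")

def parse_fport(text: str) -> list[PortEntry]:
    """Parse fport output; the banner and the column header never match LINE_RE."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pid, proc, port, proto, path = m.groups()
            entries.append(PortEntry(int(pid), proc, int(port), proto, path))
    return entries

def review(entries, known_images, watched_ports):
    """Return one finding per socket whose owning image is not recognised
    (System has no image and is skipped) and per port on the watch list."""
    findings = []
    for e in entries:
        if e.process != "System" and e.path.lower() not in known_images:
            findings.append(f"UNKNOWN image: pid {e.pid} {e.process} "
                            f"{e.proto}/{e.port} {e.path or '<no path>'}")
        if e.port in watched_ports:
            findings.append(f"WATCH {e.proto}/{e.port} ({watched_ports[e.port]}): "
                            f"{e.process} pid {e.pid}")
    return findings

# Sample input: banner + header + three lines from the run above, and one
# constructed line for an image running out of a temp directory.
SAMPLE = """FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.

Pid Process Port Proto Path
408 svchost -> 135 TCP C:\\WINNT\\system32\\svchost.exe
8 System -> 139 TCP
8 System -> 1026 TCP
3200 IEXPLORE -> 2064 TCP C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE
4242 rsvc -> 5999 TCP C:\\WINNT\\Temp\\rsvc.exe
"""
KNOWN = {r"c:\winnt\system32\svchost.exe", r"c:\program files\internet explorer\iexplore.exe"}
WATCHED = {139: "NetBIOS session, File and Print Sharing", 1026: "message spam target"}

def demo():
    return review(parse_fport(SAMPLE), KNOWN, WATCHED)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Feeding it a saved `fport > baseline.txt` from each machine lets you diff a fresh run against the recognised list instead of eyeballing the whole table.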

Tripwire is one of the major tools used for Linux systems. I'll try installing it tomorrow.

Posted by Bigwig at January 22, 2004 03:34 PM | TrackBack