.

Fport

<<

Kev

Post Sun Jul 30, 2006 3:26 pm

Fport

I really appreciate tools that are complex and have lots of options. In fact if I pay good money for them, it’s something I expect. But there is something about a tool that is simple and free that strikes a chord in me for whatever reason. That’s why I love tools like Netcat and Fport.  Fport is one of the free tools from Foundstone.  To me it’s a great way to see if something mysterious is trying to connect from your computer.  If you’re at a friend’s home and he suspects something odd is happening with his computer and you don’t have your tools, download Fport and check it out.  More than once I have caught a Trojan on someone’s computer that was evading antivirus and was not showing up in the process.

http://www.foundstone.com/
<<

LSOChris

Post Sun Jul 30, 2006 9:11 pm

Re: Fport

fport can be defeated with hacker defener rootkit
<<

Kev

Post Sun Jul 30, 2006 10:32 pm

Re: Fport

Yes very true. A well coded root kit is becoming one of the worst nightmares and can defeat more than just little ole fport.  But that doesn’t mean fport doesn’t have a place. No, not as a tool on a critical network! As a quick check on someone’s home computer where there might be a lot of p2p file sharing going on.  Something done on the fly.
<<

johnhsawyer

User avatar

Newbie
Newbie

Posts: 1

Joined: Tue Jul 25, 2006 9:30 pm

Post Mon Jul 31, 2006 10:54 am

Re: Fport

Fport is good but I have run into numerous situations where I was gathering volatile data before pulling the plug and had fport return empty results. Some instances were rootkit related while others couldn't be determined. Every time that has happened, though, I've run openports from DiamondCS and it works fine. I also like it's output better because it can add the path of the process listening or look just like fport if you prefer it.

http://www.diamondcs.com.au/openports/

I use netstat, fport, openports and tcpvcon in my custom WFT config.

http://www.foolmoon.net/security/wft/

-jhs
www.johnhsawyer.com - CISSP GCFA GCIH GCFW
<<

Kev

Post Mon Jul 31, 2006 2:43 pm

Re: Fport

Hey, I like your combination of utilities. Good post and I am sure it will be helpful.
Last edited by Kev on Mon Jul 31, 2006 2:49 pm, edited 1 time in total.

Return to Tools

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software