Wednesday, September 29, 2010

View open ports: make Trojans show their true colors


Most common Trojans today use TCP or UDP for communication between their client side and server side. Because they use these two protocols, the server side (that is, the machine infected with the Trojan) inevitably has to open a listening port and wait for connections. For example, the well-known Glacier listens on port 7626, and Back Orifice 2000 uses 54320. We can therefore check whether a machine has been infected with a Trojan or other hacker program by looking at its open ports. The methods are described in detail below.

1. The netstat command that comes with Windows

Let us first look at how the Windows help file describes the netstat command:

Netstat

Displays protocol statistics and current TCP/IP network connections. This command is available only if the TCP/IP protocol has been installed.

netstat [-a] [-e] [-n] [-s] [-p protocol] [-r] [interval]

Parameters

-a

Displays all connections and listening ports. Server connections are normally not shown.

-e

Displays Ethernet statistics. This parameter can be combined with the -s option.

-n

Displays addresses and port numbers in numerical format (instead of trying to look up names).

-s

Displays statistics for each protocol. By default, statistics are shown for TCP, UDP, ICMP and IP. The -p option can be used to specify a subset of the default.

-p protocol

Displays connections for the protocol specified by protocol; protocol can be tcp or udp. If used together with the -s option to display per-protocol statistics, protocol can be tcp, udp, icmp or ip.

-r

Displays the contents of the routing table.

interval

Redisplays the selected statistics, pausing interval seconds between each display. Press CTRL + B to stop redisplaying statistics. If this parameter is omitted, netstat prints the current configuration information once.

Having read the help file, we should understand how to use the netstat command. Now let us put it to use and look at the open ports on our own machine. Go to the command line and run netstat with the a and n parameters:

C:\> netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING
TCP 0.0.0.0:7626 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 0.0.0.0:0
UDP 0.0.0.0:1046 0.0.0.0:0
UDP 0.0.0.0:1047 0.0.0.0:0

To explain: Active Connections lists the machine's currently active connections. Proto is the name of the protocol used by the connection, Local Address is the local computer's IP address and the port number the connection is using, Foreign Address is the IP address and port number of the remote computer, and State is the state of the TCP connection. The last three rows are ports using the UDP protocol, which is connectionless, so they show no State. Look! Port 7626 on my machine is open and listening for connections, so the machine is very likely infected with Glacier! The right approach is to disconnect from the network quickly and remove the Trojan with antivirus software.







2. fport, a command-line tool for Windows 2000

Windows 2000 users are luckier than Windows 9x users, because they can use the fport program to display the correspondence between open ports and processes on the local machine.

Fport is a tool produced by Foundstone that lists all open TCP/IP and UDP ports on a system together with the full path of the corresponding application, its PID, its name and other process information. It is used from the command line, as in this example:

D:\> fport.exe
FPort v1.33 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process    Port Proto Path
748 tcpsvcs -> 7    TCP   C:\WINNT\System32\tcpsvcs.exe
748 tcpsvcs -> 9    TCP   C:\WINNT\System32\tcpsvcs.exe
748 tcpsvcs -> 19   TCP   C:\WINNT\System32\tcpsvcs.exe
416 svchost -> 135  TCP   C:\WINNT\system32\svchost.exe

Clear at a glance, isn't it? Now every open port, and the program that opened it, is right before your eyes. If you find a suspicious program that has opened a suspicious port, do not take it lightly: it may well be a sly Trojan horse!

The latest version of Fport is 2.0. It is available for download from many sites, but for safety reasons it is of course best to download it from its home site: http://www.foundstone.com/knowledge/zips/fport.zip

3. Active Ports, a graphical tool with functions similar to Fport

Active Ports is produced by SmartLine. You can use it to monitor all open TCP/IP and UDP ports on the computer. It shows not only all the ports but also the path of the program behind each port, the local IP and the remote IP (the IP attempting to connect to your computer), and whether the connection is active.

Very intuitive, isn't it? Even better, it also provides a close-port function: when you use it to find a port opened by a Trojan, you can close that port immediately. The software works on the Windows NT/2000/XP platforms. You can get it at http://www.smartline.ru/software/aports.zip.

In fact, Windows XP users do not need other software to get the correspondence between ports and processes, because the netstat command shipped with Windows XP has one more parameter than previous versions, -o, which shows each port together with its corresponding process.
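The port check from section 1 and the port-to-process lookup described above can be combined in a small script. This is an added example, not part of the original post: it parses netstat output with or without the -o PID column and reports open ports that match the two Trojan defaults named in this article or that are missing from a baseline. The sample output, its PID values and the baseline set are constructed assumptions.

```python
# Default Trojan ports named in the article above; extend with your own list.
WATCHLIST = {7626: "Glacier", 54320: "Back Orifice 2000"}
# Constructed sample in "netstat -ano" layout; addresses and PIDs are made up.
SAMPLE = """
Active Connections
  Proto  Local Address    Foreign Address  State        PID
  TCP    0.0.0.0:80       0.0.0.0:0        LISTENING    1204
  TCP    0.0.0.0:21       0.0.0.0:0        LISTENING    1204
  TCP    0.0.0.0:7626     0.0.0.0:0        LISTENING    3380
  TCP    10.0.0.5:1050    10.0.0.9:80      ESTABLISHED  2216
  UDP    0.0.0.0:445      *:*                           4
  UDP    0.0.0.0:1046     *:*                           980
"""

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -an` or `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] not in ("TCP", "UDP") or ":" not in tok[1]:
            continue  # banner, column header or blank line
        # UDP rows have no State column: what follows the two addresses is a
        # state word, a PID (only with -o), both, or nothing at all.
        extra = tok[3:]
        rows.append({
            "proto": tok[0],
            "port": int(tok[1].rsplit(":", 1)[1]),
            "state": next((t for t in extra if not t.isdigit()), None),
            "pid": next((int(t) for t in extra if t.isdigit()), None),
        })
    return rows

def review(text, expected=frozenset()):
    """Return (proto, port, pid, reason) for each open port worth a closer look."""
    findings = []
    for r in parse_netstat(text):
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue  # an established or closing connection, not an open port
        if r["port"] in WATCHLIST:
            reason = "default port of " + WATCHLIST[r["port"]]
        elif (r["proto"], r["port"]) in expected:
            continue  # a service we know we run (hypothetical baseline)
        else:
            reason = "not in baseline"
        findings.append((r["proto"], r["port"], r["pid"], reason))
    return findings

if __name__ == "__main__":
    print(review(SAMPLE, {("TCP", 80), ("TCP", 21), ("UDP", 445)}))
```

A match on a default port is only a lead: the PID from the -o column still has to be traced to a program path, for example with fport, before drawing a conclusion.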

The above describes several ways of viewing the open ports on a machine and the correspondence between ports and processes. With these methods, Trojans based on TCP/UDP can easily be found, and I hope they help your beloved machine. Prevention deserves the emphasis, however: if you run into a rebound-port Trojan, or a new Trojan built with driver and dynamic link library techniques, the methods above will have difficulty finding any trace of it. We must therefore develop good online habits: do not casually run e-mail attachments; install antivirus software, such as the domestic product Rising, which is a good helper for killing viruses and Trojans; scan software downloaded from the Internet with antivirus software before using it; and turn on the network firewall and real-time virus monitoring when online, to protect your machine from hateful Trojans.









Tuesday, September 28, 2010

Zack Rusin interview: the beauty and magic of KDE


At this year's KDE World Summit (better known as aKademy), held at the University of Malaga in Spain, the most anticipated item of the conference was KDE developer Zack Rusin's presentation "Beauty and Magic for KDE developers". He has long been a core KDE developer and was recently hired as a full-time developer by Trolltech, the developer of the Qt graphical user interface library. As the conference went on, participants heard more and more about the amazing visual effects Zack would demonstrate, so a large audience crowded into the lecture theater to wait for the presentation. To their disappointment, the talk was delayed for two days because of technical problems, which left everyone itching with impatience. Once the problem was finally solved, Zack gave a whirlwind presentation on the current state and future direction of graphics development on Unix/Linux.

During the conference Zack gave an interview to his KDE "comrade in the trenches" Daniel Molkentin, describing his KDE development work in detail.

1) Please briefly introduce yourself.

Today I had a conversation with a friend whom I respect, and he said that what is unique about me is that things can not become a reality. This is the most flattering thing I have heard. So my self-description is: I can not let things become a real person.

2) You recently joined Trolltech. What exactly do you do there?

My job at Trolltech is to create things that others can only dream of. Of course, my main interest is computer graphics, but I am not limited to it: the company has given me full freedom in research and development.

3) What have your past contributions to X.org been?

Mainly the new acceleration architecture, Render and Exa. Render is a new rendering model for X; it supports shadows, translucency and font anti-aliasing.

4) Exa became a focus at the aKademy conference. Can you tell us more about it?

Exa is a simplified acceleration architecture based on KAA (Kdrive Acceleration Architecture). KDrive is Keith Packard's modular X server implementation, and KAA can be obtained from KDrive. Unlike the old XAA (XFree86 Acceleration Architecture), Exa has been designed to accelerate XRender; it is small, simple and flexible, and allows X developers to create various special effects.

5) What is the difference between Exa and earlier graphics acceleration technology in accelerating XRender?

XRender is a new rendering technology developed by Keith Packard; before it, X could only rely on very limited primitives. To keep up with development needs, rendering is now done either in the client application without using these primitives (only the rendered image is transmitted to the X server), or through XRender. Unfortunately, XAA mainly accelerates those old, unused primitives. Exa accelerates specifically for the new model and no longer bothers with the old primitives.

6) Can everyone benefit from Exa?

Yes. Provided, of course, that their drivers support Exa (we have already ported most of the drivers).

7) You demonstrated astounding results with Xgl. Do you think Xgl has a future?

Yes, Xgl is promising. It is our long-term solution. I still have not finished Xegl because I have a lot of work. With OpenVG and some new plug-ins, OpenGL has become a very attractive solution to all of our 2D problems.

8) Please tell us about the difference between Xgl and Xegl.

Xegl is an independent server, but need to run the Xgl X server to start (set the modeline option and processing input are the two most important aspects). They share the same graphics acceleration code, but Xgl the modeline and enter the settings to do the work to another X server, which provides the OpenGL graphics acceleration to determine Xegl test basis.

9) KDE's cube effect looks more and more like Apple's OS X. Was it inspired by OS X?

I want to clarify that the cube effect was designed by Dave Reveman; I do not want to claim credit. As for your question, my answer is: I hope not.

Merely designing special effects is easy, but designing special effects that are both usable and beautiful is difficult. In desktop effect design, excellent design and poor design are only one step apart, and one of the biggest challenges for KDE 4's Plasma is weighing the tradeoff between the two.

If we just copy designs, we cannot be the best. Innovation is not dead; Plasma is our answer. For the first time in KDE's history, designers, developers and usability experts are working together in an organized development effort. The three teams work in parallel, so graphic design and usability will not, as in other open source projects, have to wait until the software is finished to be added on. They are now core components of our development model.

10) When will your work on X.org be completed?

The new X.org Render and Exa has entered the. The next step is Xgl, then Xegl. Until X.org 7.0 is completed, we will start Xgl and Xegl project.

11) X11 was launched a long time ago. In which respects is the upcoming X.org 7.0 revolutionary?

It is the first modular version, so it is very special. Drivers and the server no longer have to be integrated; we will release the drivers and the server.

12) What benefits do users get from a modular X.org?

They do not have to upgrade the server when upgrading drivers. Drivers are upgraded independently. X.org 7.0 will reduce newcomers' fear of X development, users will experience a significant performance improvement, and this will attract many users to upgrade to X.org 7.0.

13) What adjustments does Qt need in order to take full advantage of the new X.org technology?

Qt for me is the driving force behind the scenes, while the applications and the desktop environment is the motivation to promote the development server. But the server itself is no fun at all, its only purpose is to meet the needs of desktop development. We have engaged in anti-this time around the relationship between the server hard at solving the problem, we are now back on track, innovation is our real work.

14) What are your expectations for the future of X.org, Qt, KDE and Linux?

I want people to bold innovation - afraid of surprise, fear can not do. We now have sufficiently advanced technology, and only the best ideas. Therefore, on the meaningful exchange and designers.

Obviously, vector graphics will gradually become popular. Qt will support the SVG 1.2 standard and make use of it at different levels (including animation support). At present most icon themes are developed in SVG but are converted to PNG format for performance reasons. This will soon change, since rendering SVG images will no longer be slower than rendering raster images.









Thursday, September 16, 2010

Writing an unlimited-level drop-down menu in ASP.NET 2.0


ASP.NET 2.0 provides a Menu class with which you can easily create horizontal or vertical drop-down menus. The following is an example:



Examples of the drop-down menu



disappearafter = "2000"
staticdisplaylevels = "2"
staticsubmenuindent = "10"
orientation = "Horizontal"
font-names = "Arial"
target = "_blank"
runat = "server">

forecolor = "red" />

forecolor = "red" />
forecolor = "Black" />


http://dotnet.aspx.cc/ "
text = "Home"
tooltip = "Home">
http://dotnet.aspx.cc/ShowList.aspx?id=1 "
text = "ASP.NET section"
tooltip = "ASP.NET column">
text = "ASP.NET recent article"
tooltip = "ASP.NET recent article" />
text = "ASP.NET Q & A"
tooltip = "ASP.NET Q & A">
text = "ASP.NET recent article"
tooltip = "ASP.NET recent article" />
text = "ASP.NET recent article"
tooltip = "ASP.NET recent article" />

text = "Jazz"
tooltip = "Jazz" />

text = "Movies"
tooltip = "Movies">
text = "Action"
tooltip = "Action">
text = "Drama"
tooltip = "Drama" />

text = "Drama"
tooltip = "Drama" />
text = "Musical"
tooltip = "Musical" />











