OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Exploit-Dev Archives: Re: INZIDER!

Re: INZIDER!

BrainMaster (brain_masterHOTMAIL.COM)
Fri, 19 Nov 1999 23:35:15 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm running Inzider right now under nt4ws sp6. It can do tcp and udp.
I see it reporting several ports even as high as 50505 tcp. From what
I heard about it is that it uses a spying .dll that tries to watch
winsock usage but some programs don't work with it. It has detected
such things as sygate, netmeeting, I believe all the ports that
NukeNabber is watching (including several udp) but doesn't notice
programs like mirc or services.

Netbus1 uses 12345tcp, netbus2pro usually is 20034tcp. BO1 does use
31337udp.

> "When I tested it, my conclusion was that inzider looks for open
> UDP ports and not TCP ports. The ports he mentioned (135, 139) are
> UDP whereas I believe Netbus and BO use TCP ports."
>
> I don't know about Netbus, but BO uses UDP ports. So if inzider
> really does look for only UDP ports and it didn't pick up BO it's
> likely that it doesn't scan higher than, say, 10000 or something.
> Most scanners or diagnostics tools don't go that high simply
> because it would take a while, and normally BO is put on 31337 or
> some other equally high number. I would say try putting BO on a low
> port number to find out. Since I don't know much about Netbus, it's
> just a guess that the same thing is happening, but I really am not
> sure since I don't even know which protocol Netbus uses.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBODYlAcdYNrqYZUdWEQKpIwCfWFNPN3SCiiKgTGwuwBpldo7nv7cAn0va
c+bI6nCsBS90v+8rRcOTiI6T
=2lx4
-----END PGP SIGNATURE-----

This archive was generated by hypermail 2.0b3 on Sat Nov 20 1999 - 00:16:03 CST