Port Monitoring, or not?

Discussion in 'other software & services' started by Dazed_and_Confused, Mar 6, 2004.

Thread Status:
Not open for further replies.
  1. Dazed_and_Confused (Registered Member, joined Mar 4, 2004, USA)
    Would anyone care to comment on what they use to monitor port activity? I've tried Active Ports, and it seems to work OK, but it is not very newbie-friendly. I've heard that some AT applications have this feature built in, with better functionality and help dialogs. Or are there better stand-alone apps?
     
  2. puff-m-d (Registered Member, joined Feb 13, 2002, North Carolina, USA)
  3. rerun2 (Registered Member, joined Aug 27, 2003)
    Personally I think ActivePorts is one of the easier port-to-process mappers to use, though probably not as accurate as some of the others. Vision 1.0 and TCPView are some other freeware alternatives.

    TCPView is quite nice, but you might not find it user friendly if you did not think ActivePorts was. TCPView 2.34 Link

    Vision 1.0 is a lot like ActivePorts with some additional features (view running processes, services, and drivers etc). If you try it, make sure you tell it to auto refresh in settings. And keep in mind that it recommends you are running NT4 or 2000. Vision 1.0 Link - look under Forensic Tools

    And of course there is Port Explorer, which has a lot of nice features and is quite user friendly, with a very intuitive interface. Unfortunately it is not freeware. To go along with puff-m-d's suggestion of visiting the PortExplorer forum, I thought I would pull out some of the more helpful threads that helped me make my decision on whether or not to purchase PE. Not only is Port Explorer discussed, but port-to-process mappers in general, and some of the competition.

    REVIEW: 11 port-to-process mappers (Security Administrator magazine article)

    Is it really worth $30?

    Is Port Explorer accurate?

    I believe Outpost Pro (a firewall) also has a tab that shows active connections as well.
     
  4. Dazed_and_Confused (Registered Member, joined Mar 4, 2004, USA)
    Rerun2

    Good information. I'll check out the other forums. When I stated ActivePorts wasn't user friendly, what I meant was that it was at times difficult to determine which processes were OK, and which I might want to research more.

    I have to ask - if I'm fairly confident I've got a clean system (i.e. scanned with AV - no problems; scanned with AT - no problems; installed AT monitor; running a good firewall, etc.), chances are all of these processes are legit, right?
     
  5. rerun2 (Registered Member, joined Aug 27, 2003)
    I see what you mean now :)

    Finding which processes are "ok" will take some time at first. But I think it is well worth it.

    Here are some sites that might help

    Search for apps here...
    http://www.sysinfo.org/startupinfo.php
    http://www.sysinfo.org/startuplist.php

    and here...

    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

    Search for ports here...
    http://www.practicallynetworked.com/sharing/app_port_list.htm

    and here...
    http://www.neohapsis.com/neolabs/neo-ports/

    and here...
    http://www.portsdb.org/bin/portsdb.cgi

    I wish I could comment on whether or not you really do have a clean system. But that is very difficult to say. Some people argue that no one can ever be really sure. AVs, ATs, firewalls, whatever else... can all be bypassed and can all miss things. That is one of the reasons behind a "layered defense," a term I think a lot of us use. I have used it a few times myself. But it has also saved me a few times as well. You will find this concept at security forums, in security books, even in the security chapter of the FreeBSD handbook. The basic idea is to have software and/or policy to directly handle a specific type of threat, thus giving you a greater chance to detect a threat before it is too late, or giving you something to fall back onto to prevent greater damage.

    Having a dedicated AV, AT, and firewall is a good place to start. Learning how to operate them properly and maintaining them would be the next step. You can have the best firewall in the world, but if it is improperly configured, you might as well not have it at all (would just give a false sense of security). If you did/do not practice any questionable internet activities, that is even better. Make sure your Operating System is patched as well.
     
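The two things this thread keeps coming back to are (a) mapping each open port to the process that owns it, which is what ActivePorts, TCPView, Vision and Port Explorer do, and (b) deciding which of those processes are "ok", which rerun2 says takes time and research. The script below is an added example and is not code from any of the tools or posters discussed above. It does both jobs on Windows without a third-party tool: it parses the output of `netstat -ano` (port, state, owning PID) and `tasklist /fo csv /nh` (PID, image name), joins them on PID, and compares the result to a baseline of processes and ports the owner has already researched. The `netstat` and `tasklist` text embedded here is constructed sample output, not captured from a real machine, and the `BASELINE` table is a hypothetical allow list for that sample host; `unknownsvc.exe` is a made-up name standing in for "a process you have not researched yet".

```python
import csv
import io
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout `netstat -ano` prints on Windows (not from a real host).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1045      207.46.134.190:80      ESTABLISHED     1612
  TCP    192.168.1.10:1052      10.0.0.5:6667          ESTABLISHED     2200
  TCP    0.0.0.0:1234           0.0.0.0:0              LISTENING       2200
  UDP    0.0.0.0:137            *:*                                    4
"""

# Constructed sample in the layout of `tasklist /fo csv /nh` (image name, PID, ...).
TASKLIST_SAMPLE = '''
"System","4","Console","0","236 K"
"svchost.exe","884","Console","0","4,512 K"
"iexplore.exe","1612","Console","0","21,004 K"
"unknownsvc.exe","2200","Console","0","1,240 K"
'''

# Hypothetical baseline for the sample host: process name -> local ports it may own.
# This is the list you build yourself after looking each process up, as the thread suggests.
BASELINE: Dict[str, set] = {
    "system": {137, 445},
    "svchost.exe": {135},
    "iexplore.exe": set(),   # client only: outbound connections fine, no listeners expected
}


@dataclass(frozen=True)
class Conn:
    proto: str
    local_addr: str
    local_port: Optional[int]
    remote_addr: str
    remote_port: Optional[int]
    state: str          # "" for UDP, which netstat prints without a state column
    pid: int


# Proto, local, foreign, optional state (absent for UDP), PID.
_NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def _split_endpoint(ep: str) -> Tuple[str, Optional[int]]:
    """'0.0.0.0:135' -> ('0.0.0.0', 135); '*:*' -> ('*', None); '[::]:135' works too."""
    host, _, port = ep.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines():
        m = _NETSTAT_LINE.match(line)
        if not m:
            continue  # banner and header lines
        proto, local, remote, state, pid = m.groups()
        la, lp = _split_endpoint(local)
        ra, rp = _split_endpoint(remote)
        conns.append(Conn(proto, la, lp, ra, rp, state or "", int(pid)))
    return conns


def parse_tasklist(text: str) -> Dict[int, str]:
    """PID -> image name from `tasklist /fo csv /nh` output."""
    procs = {}
    for row in csv.reader(io.StringIO(text.strip())):
        if len(row) >= 2 and row[1].isdigit():
            procs[int(row[1])] = row[0]
    return procs


def map_ports(conns: List[Conn], procs: Dict[int, str]) -> List[Tuple[Conn, str]]:
    """The port-to-process mapping the GUI tools display: join on PID."""
    return [(c, procs.get(c.pid, "<no such pid>")) for c in conns]


def review(mapped: List[Tuple[Conn, str]], baseline: Dict[str, set] = BASELINE):
    """Return (reason, process, conn) for anything the baseline does not explain."""
    findings = []
    for conn, name in mapped:
        key = name.lower()
        is_listener = conn.proto == "UDP" or conn.state == "LISTENING"
        if key not in baseline:
            findings.append(("unknown process", name, conn))
        elif is_listener and conn.local_port not in baseline[key]:
            findings.append(("unexpected listener", name, conn))
    return findings


if __name__ == "__main__":
    # On a live box: replace the samples with subprocess output of the two commands.
    mapped = map_ports(parse_netstat(NETSTAT_SAMPLE), parse_tasklist(TASKLIST_SAMPLE))
    for reason, name, c in review(mapped):
        print(f"{reason:20} {name:16} {c.proto} {c.local_addr}:{c.local_port} "
              f"-> {c.remote_addr}:{c.remote_port} {c.state} pid={c.pid}")
```

Anything not in the baseline is printed, so the first run on a real host will be noisy; that noise is exactly the research list rerun2 describes, and each process you look up on the sysinfo.org or answersthatwork.com lists and accept becomes a baseline entry. Note what the baseline does not catch: a process that is in the list but has been replaced on disk, or code injected into a trusted process, will still look "ok" here, which is the same limitation the thread raises about any single tool and the reason for layering.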