Question Port Explorer's efficiency

Discussion in 'Port Explorer' started by emir, Dec 26, 2005.

Thread Status:
Not open for further replies.
  1. emir, Registered Member (Joined: Dec 21, 2005; Posts: 61)

    I was wondering how a service which sets up to listen on a port would not end up attracting more attention to a system that otherwise had all ports stealthed by an efficient IDS/firewall, or is PE mainly to study traffic on an already infected system? Port Explorer is just as good at opening up a port to listen and dropping packets instead of sending back ICMP unreachables as some of the better IDS/firewalls?
     
  2. Hermescomputers, Registered Member (Joined: Jan 9, 2006; Posts: 1,069; Location: Toronto, Ontario, Canada, eh?)

    Most people who are interested in what is happening in the background are primarily looking at processes via the built-in Windows Task Manager, which provides hidden or incomplete data... Port Explorer allows the viewing of processes as they map to ports, although some sockets are not visible. This tool is useful in identification but not necessarily prevention, and more importantly it will allow you to identify intruder processes when other specialised *read automated* tools might fail.

    As for "listening", it does so but in a much different fashion than your firewall does, since it does not report to external probes, nor does it act as a shield to intrusions, although it provides for a manual port locking capability.

    When used together with "Process Explorer" one can drill deep into what is actually taking place in the operating system and eliminate hostiles quickly...
    Some useful tools to help monitor hidden but essential internal systems:
    Real time Process Monitoring:
    http://www.sysinternals.com/Utilities/ProcessExplorer.html
    Real time File Monitoring:
    http://www.sysinternals.com/Utilities/Filemon.html
    Real time Registry Monitor:
    http://www.sysinternals.com/Utilities/Regmon.html

    I hope this proves helpful

    Guy
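
The process-to-port mapping discussed in the reply above can be approximated with the built-in Windows commands `netstat -ano` and `tasklist /fo csv /nh`. The following is an added example, not part of the original thread and not Port Explorer's own code: it joins the two outputs and flags bound sockets whose owning PID has no matching process entry. The sample outputs, addresses and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED     1580
  UDP    0.0.0.0:1900           *:*                                    1204
"""

# Constructed sample of `tasklist /fo csv /nh` output; PID 2044 is absent on purpose.
TASKLIST_SAMPLE = '''\
"svchost.exe","912","Services","0","4,120 K"
"svchost.exe","1204","Services","0","5,300 K"
"iexplore.exe","1580","Console","0","22,880 K"
'''

def parse_tasklist(text):
    """Return {pid: image name} from `tasklist /fo csv /nh` output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def parse_netstat(text):
    """Yield (proto, local address, state, pid) from `netstat -ano` output."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            yield parts[0], parts[1], parts[3], int(parts[4])
        elif len(parts) == 4 and parts[0] == "UDP":  # UDP rows have no State column
            yield parts[0], parts[1], "", int(parts[3])

def map_ports(netstat_text, tasklist_text):
    """Join sockets to process names; a PID with no process entry gets image=None."""
    names = parse_tasklist(tasklist_text)
    rows = []
    for proto, local, state, pid in parse_netstat(netstat_text):
        port = int(local.rsplit(":", 1)[1])  # rsplit also handles [::]:135 style addresses
        rows.append({"proto": proto, "port": port, "state": state, "pid": pid, "image": names.get(pid)})
    return rows

def unattributed_listeners(rows):
    """Listening TCP or bound UDP sockets whose PID is missing from the process list."""
    return [r for r in rows if r["image"] is None and (r["state"] == "LISTENING" or r["proto"] == "UDP")]

if __name__ == "__main__":
    for row in map_ports(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(row)
```

A socket flagged by `unattributed_listeners` may simply belong to a process that exited between the two commands, so it is a prompt for closer inspection rather than proof of a hidden process.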
     