I was wondering how a service which sets up to listen on a port would not end up attracting more attention to a system that otherwise had all ports stealthed by an efficient IDS/firewall, or is PE mainly to study traffic on an already infected system? Port Explorer is just as good at opening up a port to listen and dropping packets instead of sending back ICMP unreachables as some of the better IDS/firewalls?
Most people who are interested in what is happening in the background are primarily looking at processes via the built-in Windows Task Manager, which provides hidden or incomplete data... Port Explorer allows the viewing of processes as they map to ports, although some sockets are not visible. This tool is useful in identification but not necessarily prevention, and more importantly it will allow you to identify intruder processes when other specialised *read automated* tools might fail.

As for "Listening", it does so but in a much different fashion than your firewall does, since it does not report to external probes, nor does it act as a shield to intrusions, although it provides for a manual port locking capability. When used together with "Process Explorer" one can drill deep into what is actually taking place in the operating system and eliminate hostiles quickly...

Some useful tools to help monitor hidden but essential internal systems:

Real time Process Monitoring: http://www.sysinternals.com/Utilities/ProcessExplorer.html
Real time File Monitoring: http://www.sysinternals.com/Utilities/Filemon.html
Real time Registry Monitor: http://www.sysinternals.com/Utilities/Regmon.html

I hope this proves helpful

Guy