groove-monkey
Sep 5 2004, 02:24 AM
OK, here's the situation: I have a box running on my network wide open and with specific vulnerabilities set there on purpose.
I do this to collect information on what tools/methods hackers use to infiltrate a box. I've seen some nice tricks used, from modified rootkits to hexed files, scan tools, batch files and the like.
One thing that I can't figure out is how someone can stop fport from functioning. I was thinking hxdef was used, but I see no evidence of this.
Now the question is: what could the intruder have used to prevent fport from returning port and application values?
Appreciate all the help anyone could give.
*PLEASE NOTE*
I am requesting this information for personal knowledge. I am responsible for running a network, and I find that the more I learn and think like a hacker, the better I am as an admin. Thanks again.
Morv
Sep 5 2004, 04:53 AM
I have also seen this when I was doing some "exploring": fport not returning any values. I can get around it, it just makes things a pain in my ass.
Katja
Sep 5 2004, 11:12 AM
Maybe net.exe is deleted.
I also had this before... Try some other tools like active ports or open ports.
The intruder could have used a rootkit which is self-made or a modified public one.
greetz
RFlash
Sep 9 2004, 01:13 PM
In the 2 or 3 times that the fport program didn't work on the PCs in my LAN, the hxdef rootkit was installed every time.
RFlash
crackie
Sep 9 2004, 01:14 PM
fport won't work if you are logged in with a guest account. fport requires a full admin account to work correctly.

greetz crackie
MaNiAx
Sep 9 2004, 03:00 PM
If you've got remote access, or are even near it since it's your network after all, use Cports: top-end, best GUI ever.
herkimer
Sep 9 2004, 09:13 PM
Fport will also not work on a Microsoft Windows NT box; try using OpPorts or other like programs.
Thom
Sep 10 2004, 09:19 AM
hxdef can hide rootkitted ports from fport.
53v3n
Sep 10 2004, 12:49 PM
Well, if it's a specific thing like you hacked in through SQL... Possibly the SQL account shouldn't be given execute access. I don't know much about SQL servers, so don't rely on me.
[eXPhase
Sep 10 2004, 03:15 PM
| QUOTE (Thom @ Sep 10 2004, 09:19 AM) |
| hxdef can hide rootkitted ports from fport. |
True, but in some cases NO ports will be displayed. I know the error when you haven't got enough user rights. But sometimes it is win2k/winxp and I have full access and I also don't get any results with fport. And net.exe wasn't deleted. I'm sure there is some little trick to disable it.