Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: App: Active Ports security risk?

  1. #1
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536

    App: Active Ports security risk?

    Symantec says so - what's your take on this guys - since I have the app.

    http://securityresponse.symantec.com...sk.aports.html

  2. #2
    Hardware guy Super Moderator FastGame's Avatar
    Join Date
    Apr 2002
    Location
    Blasters worm farm
    Posts
    3,416
    My take is the same as Symantec describes. Symantec assumes that most *NORMAL* PC users don't apply "tools of a trade" to their PC's. Symantec warns of the dangers of such tools or applications so they can be delt with whether they were installed unknowingly or through ignorance.

    Symantec also assumes that most PC users who do use "tools of a trade" are fully aware of the risks and powers such tools posses, its these PC users that keep Symantec in business

  3. #3
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    I don't understand the danger. It seems that all it's good for is identifying which app is using which port and terminating process - good for checking to see if anything unusual is in there as well.

  4. #4
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Well, I use this app also. The site says "Behavior
    Aports is a tool that enables you to monitor all open TCP/IP and UDP ports. It allows the user to watch ports and applications, and allows a user or an application to terminate processes.

    An API is available for this application, which can be used in malicious code."

    It doesn't mean that the app itself is malicious but it can be used that way. I wonder if the vendor has a patch that can installed to prevent this? Would be a good question for them. http://www.protect-me.com/freeware.html

  5. #5
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    Do you mean that a hacker can get into my pc and use the app maliciously, by installing API (whatever that is) or I can use the app maliciously, to harm other's Pc.

  6. #6
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Quote Originally Posted by lynchknot
    Do you mean that a hacker can get into my pc and use the app maliciously, by installing API (whatever that is) or I can use the app maliciously, to harm other's Pc.
    That's the way I understood it.

  7. #7
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    Which way? There is an "or" in my sentence. - or both!

  8. #8
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Both

  9. #9
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    So I am at risk of BB hacking me? What if I make a shortcut to the exe to change the name or extension while not in use? Will that work?

  10. #10
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Dunno dood...The article from Symantec is the only info I have seen. But yes. You are ALWAYS running a risk of the "Boogey Man" getting into your system.

  11. #11
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    I have router and software and they can still boogy in at will?

  12. #12
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Boogs can get in at will...He is a menace, a parasite, a pir8, a hax0r. He is 3v1L, a d3m0n, S8N...Be vewy, vewy caweful...

  13. #13
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    He's - he's a booger -

  14. #14
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    Lynchknot - Security risk, as this is a port scanner, and could be used as part of malware to stop services.





    <LI class=tiny><A href="http://securityresponse.symantec.com/avcenter/refa.html#iudefs">Intelligent Updater Definitions*September 25, 2003

    <LI class=tiny>LiveUpdate™ Definitions **October 01, 2003

    *

    Intelligent Updater definitions are released daily, but require manual download and installation.
    Click here to download manually.

    **

    LiveUpdate definitions are usually released every Wednesday.
    Click here for instructions on using LiveUpdate.



    This threat can be detected only by Symantec products that support expanded threats. For more information on expanded threats, please go here.



    Behavior
    Aports is a tool that enables you to monitor all open TCP/IP and UDP ports. It allows the user to watch ports and applications, and allows a user or an application to terminate processes.

    An API is available for this application, which can be used in malicious code.

    Symptoms
    None.

    Transmission
    Part of malware. This must be intentionally placed on the computer.



    <A name=technicaldetails>


    File names: Aports.exe

    This threat is a stand-alone application, does not drop files, and does not modify the registry. This hack tool displays a Graphical User Interface (GUI) showing the processes and applications as they are mapped to port numbers. Also, it shows the IP address of the user accessing open ports.

    The publisher also offers an API for a fee. Aports.exe is freeware in its GUI form.
    <A name=removalinstructions>



    http://securityresponse.symantec.com...sk.aports.html

    egghead
    ------------------------------------------------------------



  15. #15
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    Yeah I know I read that. I still don't know why I should remove it. I like to use it to see if any funny business is going on. Can I not disable it by changing it's extention when not in ues?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •