RE: local admin compromised
From: CHRIS GRABENSTEIN (LFGRABC@lf.vccs.edu)Date: 11/13/01
- Previous message: Andrea Iacopini: "Domain Question"
- Maybe in reply to: James D. Stallard: "RE: local admin compromised"
- Next in thread: James D. Stallard: "RE: local admin compromised"
- Next in thread: CHRIS GRABENSTEIN: "RE: local admin compromised"
- Reply: James D. Stallard: "RE: local admin compromised"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <sbf11267.018@lf.vccs.edu> Date: Tue, 13 Nov 2001 12:28:54 -0500 From: "CHRIS GRABENSTEIN" <LFGRABC@lf.vccs.edu> To: <focus-ms@securityfocus.com> Subject: RE: local admin compromised
Several things seemed to indicate they had never logged in. No profile
had been created, logs didn't show any activity by that user, and a few
other things that I can't remember off the top of my head. It's
entirely possible they got rid of their tracks, but it seems odd that
they wouldn't have deleted the user account if that were the case.
-----Original Message-----
From: Mike Shaw <mshaw@wwisp.com>
Sent: Tuesday, November 13, 2001 11:43 AM
To: H C <keydet89@yahoo.com>, <LFGRABC@lf.vccs.edu>
Cc: <Focus-MS@securityfocus.com>
Subject: Re: local admin compromised
I've been halfway reading these posts, but something occurred to me.
How do you know for sure that this account never logged in? If they
had
admin access they could have monkeyed with the logs.
Mike
- Previous message: Andrea Iacopini: "Domain Question"
- Maybe in reply to: James D. Stallard: "RE: local admin compromised"
- Next in thread: James D. Stallard: "RE: local admin compromised"
- Next in thread: CHRIS GRABENSTEIN: "RE: local admin compromised"
- Reply: James D. Stallard: "RE: local admin compromised"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
