Fw: ISA Server Crash

From: Bob (bob_at_catch23.kicks-ass.net)
Date: 04/01/04

  • Next message: Justin F. Knox: "RE: ISA Server Crash"
    To: <focus-ms@securityfocus.com>
    Date: Thu, 1 Apr 2004 03:56:14 -0500
    
    

    That would be my best stab-in-the-dark, without knowing what condition the
    FAT or MFT is in. I would also try to "unformat" after examining the disk.
    If the worm overwrote random sectors in groups of 128, it will have left
    holes in the file table and the files and depending on how long the worm was
    running, there may not be a whole lot that can be recovered, but maybe
    there's enough evidence for you to tell what happened. If the ISA server was
    patched to current, and if the file table and some of the files have random
    overwritten areas, I would probably assume this was the work of the worm.
    Also, I personally recommend Viznetic Firewall, it doesn't seem to have
    vulerability issues, it does exactly what you tell it to do. If you need a
    software firewall, it might be worth you checking it out.

    Good luck, in any case.

    ----- Original Message -----
    From: "Barrett (Barry) W. Clark" <bwclark@postoffice.texoma.net>
    To: <focus-ms@securityfocus.com>
    Cc: <wjhays@sbcglobal.net>
    Sent: Wednesday, March 31, 2004 12:43 PM
    Subject: Re: ISA Server Crash

    > Bill,
    >
    > Just a possibility...(I could be wrong)
    >
    > http://www.symantec.com/avcenter/venc/data/w32.witty.worm.html
    >
    > bwc
    >
    > PS, You may want to check your date/time on your computer.
    >
    > At 10:13 PM 3/30/2004, you wrote:
    > >NEED HELP!!!!!!!!!!
    > >
    > >Late last week my ISA Server crashed, it's running Windows 2000 Server
    > >with ISA Server 2000 w/all SP's applied. It also runs Surf Control and
    > >Black Ice.
    > >
    > >What makes this so urgent is that upon investigation immediately after
    > >the crash I found that the C:\ partition (active O/S partition) was
    > >somehow or another formatted. What makes this even stranger is that the
    > >system was up and running when this happened. I know this because the
    > >mirrored drive also was formatted.
    > >
    > >Can anyone please shed some light on how this could have possibly
    > >happened? My bosses are wanting answers and I don't have any clues.
    > >Can't figure it out, PLEASE HELP!!!!!!!
    > >
    > >Thanks,
    > >Bill
    > >
    > >
    >
    >---------------------------------------------------------------------------
    > >Free 30-day trial: firewall with virus/spam protection, URL filtering,
    VPN,
    > >wireless security
    > >
    > >Protect your network against hackers, viruses, spam and other risks with
    > >Astaro Security Linux, the comprehensive security solution that combines
    six
    > >applications in one software solution for ease of use and lower total
    cost
    > >of ownership.
    > >
    > >Download your free trial at
    > >http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
    >
    >---------------------------------------------------------------------------
    >
    >
    >
    > --------------------------------------------------------------------------
    -
    > Free 30-day trial: firewall with virus/spam protection, URL filtering,
    VPN,
    > wireless security
    >
    > Protect your network against hackers, viruses, spam and other risks with
    > Astaro Security Linux, the comprehensive security solution that combines
    six
    > applications in one software solution for ease of use and lower total cost
    > of ownership.
    >
    > Download your free trial at
    > http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
    > --------------------------------------------------------------------------
    -
    >
    >

    ---------------------------------------------------------------------------
    Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
    wireless security

    Protect your network against hackers, viruses, spam and other risks with
    Astaro Security Linux, the comprehensive security solution that combines six
    applications in one software solution for ease of use and lower total cost
    of ownership.

    Download your free trial at
    http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
    ---------------------------------------------------------------------------


  • Next message: Justin F. Knox: "RE: ISA Server Crash"

    Relevant Pages

    • Re: Possible break in
      ... I had ran strings on it too, and tried to find some of the strings on ... >> Security Linux, the comprehensive security solution that combines six ... Protect your network against hackers, viruses, spam and other risks with Astaro ...
      (Incidents)
    • RE: Entercept HIDS Question
      ... Subject: Entercept HIDS Question ... > Protect your network against hackers, viruses, spam and other ... > risks with Astaro Security Linux, ... the comprehensive security solution that combines six ...
      (Focus-IDS)
    • RE: Entercept HIDS Question
      ... This is one of those it depends on your network and application ... Subject: Entercept HIDS Question ... Security Linux, the comprehensive security solution that combines six ...
      (Focus-IDS)
    • RE: Entercept HIDS Question
      ... Entercept only to give up after two months of silence.. ... > Protect your network against hackers, viruses, spam and other ... > risks with Astaro Security Linux, ... the comprehensive security solution that combines six ...
      (Focus-IDS)
    • RE: Entercept HIDS Question
      ... Entercept only to give up after two months of silence.. ... > Protect your network against hackers, viruses, spam and other ... > risks with Astaro Security Linux, ... the comprehensive security solution that combines six ...
      (Focus-IDS)