RE: ntoskrnl.exe issue

From: Curt Purdy (purdy@tecman.com)
Date: 08/30/01


From: "Curt Purdy" <purdy@tecman.com>
To: "'R M'" <whisk3y@hotmail.com>, <incidents@securityfocus.com>
Subject: RE: ntoskrnl.exe issue
Date: Thu, 30 Aug 2001 13:17:53 -0500
Message-ID: <001101c13180$16b91dd0$132ea8c0@wolfcub>

99% of the times I have seen this, there is nothing wrong with NT or
the disk at all. It almost always is with the boot.ini settings not going
to the right partition. This can result from a number of reasons, including
one drive in a multi-drive setup being offline, causing the rdisk number to
be off by one. Reseating the connectors on the drive/motherboard may fix it.

Curt Purdy
Information Security Engineer
DP Solutions
purdy@tecman.com

-------------

"There is no patch for stupidity."

-----Original Message-----
From: R M [mailto:whisk3y@hotmail.com]
Sent: Thursday, August 30, 2001 5:05 AM
To: incidents@securityfocus.com
Subject: ntoskrnl.exe issue

All

We have a W2K Small Business Server installed with Exchange 2000, IE 5.5,
ISA 2000 [acting as a proxy server + packet filter], WebShield & NetShield
4.5.

The ISA packet filter was configured to permit outbound http and two way
SMTP traffic. 2 of our servers crashed yesterday afternoon and we are now
receiving error messages that ntoskrnl.exe is missing or corrupt.

This is odd considering the two servers went down at similar times in two
different remote locations.

The anti-virus software was bang up-to-date with the latest engine and dat
files but I still think this may be some sort of vulnerability - can anyone
help please?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
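
The boot.ini diagnosis given in the reply above can be checked before treating the crash as a compromise. The following is an added example, not part of the original thread: it compares the default ARC path in boot.ini with the disks currently visible. The sample boot.ini, the function names and the `disks_seen` mapping are constructed assumptions.

```python
import re

# boot.ini ARC path in multi() syntax, where rdisk() is the ordinal of the
# physical disk on the adapter, e.g. multi(0)disk(0)rdisk(1)partition(1)\WINNT
ARC_RE = re.compile(r"^multi\(\d+\)disk\(\d+\)rdisk\((?P<rdisk>\d+)\)"
                    r"partition\((?P<part>\d+)\)(\\.*)?$", re.IGNORECASE)

def parse_boot_ini(text):
    """Return (default ARC path, [ARC path of each OS entry])."""
    section, default, entries = None, None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip()
        elif section == "operating systems":
            entries.append(key.strip())
    return default, entries

def check_default(text, disks_seen):
    """disks_seen maps rdisk ordinal -> set of partition numbers currently
    visible (assumption: noted by hand from a disk utility)."""
    default, entries = parse_boot_ini(text)
    if default is None:
        return ["no default= line in [boot loader]"]
    findings = []
    if default.lower() not in (e.lower() for e in entries):
        findings.append("default matches no [operating systems] entry")
    m = ARC_RE.match(default)
    if not m:
        return findings + ["default is not a multi() ARC path"]
    rdisk, part = int(m["rdisk"]), int(m["part"])
    if rdisk not in disks_seen:
        findings.append(f"rdisk({rdisk}) not present; disks seen: {sorted(disks_seen)}")
    elif part not in disks_seen[rdisk]:
        findings.append(f"partition({part}) not found on rdisk({rdisk})")
    return findings

# Constructed sample: boot.ini written while two drives were online.
SAMPLE = r"""[boot loader]
default=multi(0)disk(0)rdisk(1)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINNT="Microsoft Windows 2000 Server" /fastdetect
"""
```

Calling `check_default(SAMPLE, {0: {1}})` models the case where one drive has dropped offline and the remaining disk is now ordinal 0.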



