Re: Compromised Win2000 machine.
From: Mark Newby (mark@dranton.com)Date: 05/29/02
- Previous message: Brett Glass: "Re: odd scans?"
- In reply to: H C: "RE: Compromised Win2000 machine."
- Next in thread: H C: "Re: Compromised Win2000 machine."
- Reply: H C: "Re: Compromised Win2000 machine."
- Reply: H C: "Re: Compromised Win2000 machine."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 May 2002 21:38:00 +0100 From: Mark Newby <mark@dranton.com> To: H C <keydet89@yahoo.com>
H C wrote:
> [...]
> Danny took the typical action seen of most
> admins...port scanning the system from the outside,
> and comparing the open ports to lists of known trojans
> and services. This is inconclusive at best, and leads
> to a lot of speculation and time-wasting. Better to
> run fport on the system (if NT/2K...if the system is
> XP, run netstat w/ the '-o' switch) instead, to see
> the process to port mapping.
> [...]
...but I thought the advice for a (possibly) compromised box was *not*
to run executable programs that resided on that host, as they can't be
trusted?
mark
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Brett Glass: "Re: odd scans?"
- In reply to: H C: "RE: Compromised Win2000 machine."
- Next in thread: H C: "Re: Compromised Win2000 machine."
- Reply: H C: "Re: Compromised Win2000 machine."
- Reply: H C: "Re: Compromised Win2000 machine."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
