Re: diagnose compromise on NT
From: Patrick Andry (pandry@wolverinefreight.ca)
Date: 07/22/02
- Previous message: Lucas: "RE: Scanning Port UDP 4668"
- In reply to: Ingersoll, Jared: "diagnose compromise on NT"
- Next in thread: H C: "Re: diagnose compromise on NT"
Date: Mon, 22 Jul 2002 11:05:20 -0400
From: Patrick Andry <pandry@wolverinefreight.ca>
To: "Ingersoll, Jared" <jared@cswv.com>
Ingersoll, Jared wrote:
> Does anyone know of any good tools that can be used on an NT 4.0 box to
> (help) diagnose a system compromise? I've been playing around with inzider
> with limited results.
>
> Thanks,
>
> Jared
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
What type of system compromise?
Did the event log/web logs show any activity?
PsTools from Sysinternals is usually a good set of raw tools to use, but you
have to know what you are looking for in order for them to be of any use.