MS SQL server worm logs question
From: Ian O'Brien (iob@xilinx.com)
Date: 01/27/03
- Previous message: Gianni Tedesco: "wierd: udp port 0 traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 27 Jan 2003 01:08:57 -0800 From: "Ian O'Brien" <iob@xilinx.com> To: incidents@securityfocus.com
So, after cleaning up the mess does anyone know if there are any logs of any
kind typically left behind on the actual machines themselves. I'm trying to see
if I can piece together the actual path taken for the original infection.
I had a very quick look at a patched / rebooted machine this evening but didn't
se anything obvious in the event viewer. Are there logfiles kept in any standard
places for MSDE and MS SQL Server?
ian
--
Ian O'Brien - Xilinx Network Security Engineer
-=- = Pager 408-696-2182 -=- Phone 408-879-5206
iob@xilinx.com - Please state the nature of your architectural emergency
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Next message: Marc Maiffret: "RE: SQL Sapphire Worm Analysis"
- Previous message: Gianni Tedesco: "wierd: udp port 0 traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
