AW: Windows NT intrusion

From: Reichert Holger (Holger.Reichert@nondbvwin.de)
Date: 01/30/02


From: Reichert Holger <Holger.Reichert@nondbvwin.de>
To: security-basics@securityfocus.com
Date: Wed, 30 Jan 2002 15:42:09 +0100

Hello John,

You asked about Tripwire-like tools for Windows.

Tripwire exists for Win NT: www.tripwire.com
Another tool is System Scanner from ISS.

Best wishes

Holger Reichert
www.holysword.de

-----Original Message-----
From: John Oliver [mailto:john.oliver@hosting.com]
Sent: Monday, 28 January 2002 20:56
To: sdw2000@t-tape.com; security-basics@securityfocus.com
Subject: Windows NT intrusion

Last week, I had a client's NT Server 4.0 machine show definite signs of
compromise... all sorts of odd ports listening, including some traceable
back to WinGate (which we never installed!), and some others that were
known as some IRC-related stuff. With a UNIXy OS, I have a pretty
decent idea of how to find out what happened, when, etc. and maybe even
clean up. But Windows? I took the easy route... on Saturday, I just
nuked the OS, installed W2K, patched, etc. But are there any sites that
have good documentation about post-mortems on Windows boxen? Or even a
class in the San Diego area?

Also, any thoughts on things I can do to make things easier on myself...
I've found some tools that can send the NT system logs to an off-host
syslogd. Are there any Tripwire-like tools for NT? Any such thing as
an immutable bit?

-- 
John Oliver
System Administrator
hosting.com, an Allegiance Telecom company
mailto:john.oliver@hosting.com
(858) 637-3600
http://www.hosting.com/


