AW: Windows NT intrusion
From: Reichert Holger (Holger.Reichert@nondbvwin.de)Date: 01/30/02
- Previous message: LK-FM Tech Assistances: "Win NT RAS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Reichert Holger <Holger.Reichert@nondbvwin.de> To: security-basics@securityfocus.com Date: Wed, 30 Jan 2002 15:42:09 +0100
Hello John,
You asked about Tripwire-like Tools for Windows
Tripwire exists for Win NT www.tripwire.com
Another Tool is System Scanner from ISS
Best wishes
Holger Reichert
www.holysword.de
-----Ursprüngliche Nachricht-----
Von: John Oliver [mailto:john.oliver@hosting.com]
Gesendet: Montag, 28. Januar 2002 20:56
An: sdw2000@t-tape.com; security-basics@securityfocus.com
Betreff: Windows NT intrusion
Last week, I had a clients' NT Server 4.0 machine show definite signs of
compromise... all sorts of odd ports listening, including some traceable
back to WinGate (which we never installed!), and some others that were
known as some IRC-related stuff. With a UNIXy OS, I have a pretty
decent idea of how to find out what happened, when, etc. and maybe even
clean up. But Windows? I took the easy route... on Saturday, I just
nuked the OS, installed W2K, patched, etc. But are there any sites that
have good documentation about post-mortems on Windows boxen? Or even a
class in the San Diego area?
Also, any thoughts on things I can do to make things easier on myself...
I've found some tools that can send the NT system logs to an off-host
syslogd. Are there any Tripwire-like tools for NT? Any such thing as
an immutable bit?
-- John Oliver System Administrator hosting.com, an Allegiance Telecom company mailto:john.oliver@hosting.com (858) 637-3600 http://www.hosting.com/
- Previous message: LK-FM Tech Assistances: "Win NT RAS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
