RE: ISA Server Crash

From: JAVIER OTERO (jotero_at_SMARTEKH.com)
Date: 04/01/04

  • Next message: Josh Mills: "RE: Detection tool?" 
    Date: Thu, 1 Apr 2004 11:22:15 -0600
To: "Jordan, Jason D. \"Dallas\"" <Jason.Jordan@honeywell-tsi.com>, "William Hays" <wjhays@sbcglobal.net>, <security-basics@securityfocus.com>

    If was WITTY you can use EASYRECOVER from ONTRACK, only the MBR was destroyed.
    Remenber BACKUP.

    Ing. Fco. Javier Otero De Alba
    Diplomado en Seguridad Informática ITESM CEM
    ITStrap
    Product Manager
    Neoteris

    5243-4782 al 84 Ext.300
    México, D.F.

    -----Mensaje original-----
    De: Jordan, Jason D. "Dallas" [mailto:Jason.Jordan@honeywell-tsi.com]
    Enviado el: Miércoles, 31 de Marzo de 2004 11:31 a.m.
    Para: 'William Hays'; 'security-basics@securityfocus.com'
    Asunto: RE: ISA Server Crash

    Sounds like it possibly could be the Witty worm. It exploits Black Ice. Maybe check this link out.

    http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html

    -----Original Message-----
    From: William Hays [mailto:wjhays@sbcglobal.net]
    Sent: Tuesday, March 30, 2004 10:14 PM
    To: Focus-MS Security List
    Subject: ISA Server Crash

    NEED HELP!!!!!!!!!!

    Late last week my ISA Server crashed, it's running Windows 2000 Server
    with ISA Server 2000 w/all SP's applied. It also runs Surf Control and
    Black Ice.

    What makes this so urgent is that upon investigation immediately after
    the crash I found that the C:\ partition (active O/S partition) was
    somehow or another formatted. What makes this even stranger is that the
    system was up and running when this happened. I know this because the
    mirrored drive also was formatted.

    Can anyone please shed some light on how this could have possibly
    happened? My bosses are wanting answers and I don't have any clues.
    Can't figure it out, PLEASE HELP!!!!!!!

    Thanks,
    Bill

    ---------------------------------------------------------------------------
    Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
    wireless security

    Protect your network against hackers, viruses, spam and other risks with
    Astaro Security Linux, the comprehensive security solution that combines six
    applications in one software solution for ease of use and lower total cost
    of ownership.

    Download your free trial at
    http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Josh Mills: "RE: Detection tool?"

    Relevant Pages

    • RE: Minimum password requirements
      ... say it risks decreasing security rather than improving it. ... > Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: process identification
      ... IT Technical Security Officer ... the computer has an open port with a listening ftp-server, but there is no matching PID with netstat. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Minimum password requirements
      ... I'd say it risks decreasing security rather than ... >> Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • RE: Wireless LAN Security for Warehouse
      ... Security Consultant ... Wireless LAN Security for Warehouse ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • RE: fax software in the domain
      ... You could add an extra layer of security by changing by connecting the ... Ethical Hacking at the InfoSec Institute. ... Attend a course taught by an expert instructor with years of ...
      (Security-Basics)