Re: mysterious attack on Windows 2000 servers (Help needed)

From: Brill Pappin (brillpappin@rogers.com)
Date: 09/15/02


From: "Brill Pappin" <brillpappin@rogers.com>
Date: Sun, 15 Sep 2002 13:16:48 -0400


> I assume you've checked the firewall logs. You could also try creating a
> readme.bat file and removing permissions for anyone to access that file
> [including system and administrators].

In fact leave it harmless so it doesn't delete anything, and audit it, so
you can see who/what is executing it.

For all you know you've got someone inside that's doing it... or even a
previous admin who has a backdoor... you were hired after it happened,
right? So who was running the system before you?

- Brill Pappin
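
The decoy-and-audit idea from the message above, sketched as an added example that is not part of the original post. It assumes a current Windows Server with PowerShell (which this 2002 thread predates), an elevated session, and a hypothetical decoy path; the event ID and field names are those of the modern Security log.

```powershell
# Added example: harmless decoy readme.bat with auditing, so that any
# account or process touching it is recorded in the Security log.
# ASSUMPTION: $decoy is a hypothetical path; use the location where the
# unexplained file keeps being run.
$decoy = 'C:\Decoy\readme.bat'

# 1. Harmless content: nothing happens if something executes it.
New-Item -ItemType Directory -Path (Split-Path $decoy) -Force | Out-Null
Set-Content -Path $decoy -Encoding Ascii -Value '@echo off',
    'rem decoy file, intentionally does nothing'

# 2. Add an audit entry (SACL) for Everyone covering read/execute, write
#    and delete, recording both successful and failed attempts.
$acl  = Get-Acl -Path $decoy -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'ReadData, ExecuteFile, WriteData, Delete',
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $decoy -AclObject $acl

# 3. The SACL only produces events when object-access auditing is on.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 4. Later: list who or what accessed the decoy (event 4663, object access).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $fields = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$node.Name] = $node.'#text'
        }
        if ($fields.ObjectName -eq $decoy) {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = '{0}\{1}' -f $fields.SubjectDomainName, $fields.SubjectUserName
                Process    = $fields.ProcessName
                AccessMask = $fields.AccessMask
            }
        }
    }
```

The User and Process columns show who and what touched the file. Remote access over a share is logged under the file-share audit events rather than with a local process name, so check those as well if the Process column only shows System.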