Re: Advapi Events - Log on/off - Should I be suspicious of these??
From: w. jORDAN (wmjordan@163.com)
Date: 02/22/03
- Next message: Peter L: "Re: a forensic question"
- Previous message: Joe Richards [MVP]: "Re: Network Queries"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "w. jORDAN" <wmjordan@163.com> Date: Sat, 22 Feb 2003 23:45:07 +0800
I am so sorry that I am just a newbie.
And I also very much wanna find out more about Server security....
"Emdee" <mikeDONTSPAM@webheat.co.uk>
wrote:3e55f6a7$0$12011$afc38c87@news.easynet.co.uk...
> It's not runn ASPnet but is serving ASP web pages.
>
> I've read up in a few places that Advapi is used to impersonate another
user
> from within ASP.
>
> It's possible that this is being used legitimately but I'm trying to find
> out on the sly before I raise any concerns that a). I don't know how to do
> my job b).we've been hacked.
>
> If anyone has any info about the ASP code that would be used to call the
> Advapi COM component to change to user X then I'd be very grateful.
>
> Thanks
>
- Next message: Peter L: "Re: a forensic question"
- Previous message: Joe Richards [MVP]: "Re: Network Queries"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
