To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- On 18/01/07, Dave Ellingsberg <[EMAIL PROTECTED]> wrote: > > 2. if you're domain admin, you can ask your windows boxes for things > like: > a. contents of %WINNT%/system32/drivers/etc/hosts (is that the right > path?) > there will often be entries like 127.0.0.1 liveupdate.symantec.com > if you've got nasties > > the use of the hosts file is really out of date and unneeded, why do not > smart admins just remove all write access to it even for the admin and > system? this takes care of lots of unneeded edits to a file that is > really not neccessary with modern DNS!
Yep, I agree - I wasn't suggesting how to admin Windows boxes, only some things to look for which indicate problems. cheers, Jamie -- Jamie Riden, CISSP / [EMAIL PROTECTED] / [EMAIL PROTECTED] NZ Honeynet project - http://www.nz-honeynet.org/ _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
