Kevin,
Just to add a little to the comments you've already received:
1) After a compromise, you essentially have 2 approaches: One,
cut the box off the network and leave it alone. Call local law
enforcement and the FBI. This approach is used if you wish to
pursue litigation. I should point
> > >Step #1 to securing NT: disable IIS ;-p
> >
> > Step #1 to securing your network - Remove all MS products.
>Step #1 to securing your network: remove all users.
Step #1 to securing your network: realizing no network is ever truly
"Secure"
Step #2: never accepting any one OS as better or m
>
>I suggest purchasing the ISS Network and Internet Scanner. They are
>awesome
>products!
As I earn a living from secure audits, I have my own toolset, which includes
neither of the above products, and no, I'm not going to tell you what I do
use, that would give the game away, wouldn't it.
I suggest purchasing the ISS Network and Internet Scanner. They are awesome
products!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Robert Nelson-Cox
Sent: Tuesday, May 08, 2001 2:09 AM
To: [EMAIL PROTECTED]
Subject: Re: Just been Hacked! [7:3452
On Tue, 8 May 2001, Robert Nelson-Cox wrote:
> >Sorry to find humor in this (but that's my nature), but:
> >
> >Step #1 to securing NT: disable IIS ;-p
>
> Step #1 to securing your network - Remove all MS products.
Step #1 to securing your network: remove all users.
--
"Someone approached me
>
>Sorry to find humor in this (but that's my nature), but:
>
>Step #1 to securing NT: disable IIS ;-p
Step #1 to securing your network - Remove all MS products.
Rob./
www.nelsonsnetworks.com
I prefer just to turn the box off and dispose of properly
;)
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 07, 2001 11:09 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Just been Hacked! [7:3452]
>
>
> Sorry to
Sorry to find humor in this (but that's my nature), but:
Step #1 to securing NT: disable IIS ;-p
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
"John Brandis" wrote in message
news:[EMAIL PROT
I'd be curious to see your PIX config. I bet we could make some suggestions
on tightening things up and also point out where they probably got through
(got any IIS boxes?).
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.ne
He got in by using the unicode exploit. You have one of the following
situations:
1. wwwroot on the same drive as the OS.
2. msadc and/or scripts virtual directories
Check the %systemroot%/Program Files/Common Files/System/msadc/ for a file
called "root.exe". This file is a copy of your "cmd.exe"
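The check described in the message above, as an added example that is not part of the original thread: it compares file contents rather than names, so a copy of the command interpreter is found even if it was saved under a name other than "root.exe". The function names are hypothetical, and the reference binary and the web-executable directories are supplied by the operator.

```python
import hashlib
import os
import sys

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries are not loaded at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_shell_copies(reference, web_dirs):
    """Return sorted paths under web_dirs whose content equals `reference`.

    Matching is by size, then SHA-256, so a copy is found whatever it was
    renamed to; "root.exe" is only the name mentioned in the thread.
    """
    ref_real = os.path.realpath(reference)
    ref_size = os.path.getsize(reference)
    ref_hash = sha256_of(reference)
    hits = []
    for top in web_dirs:
        for dirpath, _dirs, files in os.walk(top):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    if os.path.realpath(path) == ref_real:
                        continue  # the reference binary itself
                    if os.path.getsize(path) != ref_size:
                        continue  # cheap pre-filter before hashing
                    if sha256_of(path) == ref_hash:
                        hits.append(path)
                except OSError:
                    continue  # unreadable or vanished file: skipped, not cleared
    return sorted(hits)

if __name__ == "__main__":
    # usage: find_shell_copies.py REFERENCE WEB_DIR [WEB_DIR ...]
    if len(sys.argv) < 3:
        sys.exit("usage: find_shell_copies.py REFERENCE WEB_DIR [WEB_DIR ...]")
    for hit in find_shell_copies(sys.argv[1], sys.argv[2:]):
        print("copy of reference binary:", hit)
```

A hit in a directory the web server can execute from means the interpreter is reachable over HTTP; an empty result only covers the directories that were passed in.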
At 08:51 PM 5/7/01 -0400, John Brandis wrote:
>I was hacked by , Sysadmcn
>He got in and changed the web site to F- USA Govt.
>Does anyone know what other changes to NT2000, besides renaming of the
>default web page, to one that he added. Also, does anyone know how he got
>in?
>
>
>
I was hacked by , Sysadmcn
He got in and changed the web site to F- USA Govt.
Does anyone know what other changes to NT2000, besides renaming of the
default web page, to one that he added. Also, does anyone know how he got
in?
- Original Message -
From: "Kevin O'Gilvie"
T
At 10:32 AM 5/7/01 -0400, Kevin O'Gilvie wrote:
>Apparently over the weekend Poison Box got past my Pix and overwrote some
>files on the intranet Box and maybe more damage than I know of at this
>moment. I need help on finding out how they got in and how to prevent it
>happening in the future. Pl
Kevin O'Gilvie wrote:
>
> Apparently over the weekend Poison Box got past my Pix and overwrote some
> files on the intranet Box and maybe more damage than I know of at this
> moment. I need help on finding out how they got in and how to prevent it
> happening in the future. Please help.
>
Con