If you have some money approved, I think this is one of the best pay
protections possible.
http://www.eeye.com/html/Products/SecureIIS/index.html
JayW
dave kleiman [EMAIL PROTECTED] 08/05/03 11:21AM
Yes IIS Lockdown and UrlScan are an important part of for locking down
an
IIS server.
Also
Ask again on a different day guys. Many are out trying to fight the
worm at the moment. You may get more replies in a week or so.
JayW
Duffy Hazelhurst [EMAIL PROTECTED] 08/11/03 07:07PM
I can't wait to see the reply, I'd love to know the answer myself.
Duffy
-Original
All the tools do what they say they will, but most people's argument is,
If your box was compromised, how do you know what all was done to it
while it was compromised?. In other words, I find your box and I put a
homemade .exe on there that sends me files, etc. You run the cleanup
and it cleans
Here was the one I used to catch my wife's IM logs. The divorce went
very smooth from there. :)
http://www.winwhatwhere.com/
JayW
Christian Freas [EMAIL PROTECTED] 06/12/03
02:39PM
You might want to take a look at
http://www.spectorsoft.com/
They make a couple of products, one a key
Send them an e-mail telling them they have won $1,000,000 and you need
their name and address.
JayW
P.S. We just went through this too and there is basically nothing. We
started blocking mail from that address, but they can just get another
one if they are really persistent. We changed the
:
In a previous message Jay Woody [mailto:[EMAIL PROTECTED]] was rumoured to
have said:
You guys trip me out. Go to Yahoo and put in
Richard Clarke + coffee. You can watch the
speech in it's entirety. Sometimes the simplest
things . . .
Hate to say it, but I'll take my pot shot, in the case
I was just reading something that someone forwarded me from Tech Republic I think
(doesn't really matter as the author's e-mail address is included, so you can write
there directly). This might interest you as you are looking into this technology
right now.
WHY SINGLE SIGN-ON IS STILL A BAD
If this is a power-on password, usually there is a jumper that resets this on the
motherboard. Last ditch, I have just removed the CMOS battery fr 30 minutes to 1
hour. This deletes all info (hard drive size, etc.) but the password goes along with
it.
There may also be a vendor provided way
and the scanner quit squawking. Looking back
at the box I realized that it was a created share and not one of the default ones.
JayW
Mark Maher [EMAIL PROTECTED] 09/25/01 11:50AM
My Point: there is no open guest share!
Jay Woody [EMAIL PROTECTED] 09/25/01 11:36AM
But yet, you still have
But yet, you still have an open guest share on the PDC. This still goes back to my
surely no admin with a brain would do this argument.
JayW
Mark Maher [EMAIL PROTECTED] 09/24/01 08:12AM
I also ran the scanner and received Open Guest Share - Infected on our PDC. We
tested and ran virus
snip
Err, for example, the sadmind worm is well known enough to be
one of many hints for eEye to know that the mere existence of
a cmd.exe backdoor is not proof for CodeRed. It is suspicious,
obviously, but if there is no way to conclusively identify a CR2
infection, no scanners should
I am not trying to be weird here, but all any scanner can do is check to see if the
known things about the virus are true. I want to know if a backdoor is there. I
don't care if it was Nimda or CDII that put it there or even if it was something else.
First, these worms change all the time,
12 matches
Mail list logo
