on: John Oliver [mailto:[EMAIL PROTECTED]]
Gesendet: Donnerstag, 31. Januar 2002 18:39
An: [EMAIL PROTECTED]
Betreff: Re: AW: Windows NT intrusion
Reichert Holger wrote:
>
> Hello John,
>
> You asked about Tripwire-like Tools for Windows
>
> Tripwire exists for Win NT www.trip
Hello John,
You asked about Tripwire-like Tools for Windows
Tripwire exists for Win NT www.tripwire.com
Another Tool is System Scanner from ISS
Best wishes
Holger Reichert
www.holysword.de
-Ursprüngliche Nachricht-
Von: John Oliver [mailto:[EMAIL PROTECTED]]
Gesendet: Montag, 28. Jan
Sorry Mr. Kleber but you should also read the Hardening VS Firewalling
Thread
Even if you've the best firewall available you will have problems with
security, if you do nothing more than firewalling.
It's not the way to post in a security list to say, take this or that
product and you will have
Hello Jim,
these traces look like a worm called nimda which appeared last year.
Here is a sample trace:
2001-09-19 00:00:00 x.x.x.x y.y.y.y GET /scripts/root.exe 404 820 72 80
HTTP/1.0 - -
2001-09-19 00:00:00 x.x.x.x y.y.y.y GET /MSADC/root.exe 404 820 70 80
HTTP/1.0 - -
2001-09-19 00:00:00 x.
Hello Trevor
first of all as you may guess, (nobody else replied), i think that this list
is not the right one to post such events.
I propose to cross post it to [EMAIL PROTECTED]
There you're more likely to find the specialists in logfile reading.
I myself am only a beginner in intrusion anal
Hi
there's one thing left to say:
If you open SSL on your Firewall, the data stream goes, without
virus-scanning at the perimeter,
directly to your client.
For normal http-traffic you should have virus and active content filterering
on a gateway at your perimeter.
This line of defence does not co