[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [fd] AW: [Full-Disclosure] attacks shutting down windows machines?

To: mike@blakogre.com, vogt@hansenet.com, full-disclosure@lists.netsys.com
Subject: AW: [fd] AW: [Full-Disclosure] attacks shutting down windows machines?
From: vogt@hansenet.com
Date: Tue, 12 Aug 2003 13:16:28 +0200

> I wouldn't go by such anecdotal evidence as shutdown/reboot 
> times.  Check
> your event viewer logs for RPC/DCOM errors, monitor your 
> network traffic,
> check for the suspicious files on the systems, scan for the 
> ports opened by
> the worm, etc....

I would. Unfortunately, these are customer systems. We're 
an ISP. So whatever survives the filter 
(Machine)->(customer-brain)->(hotline)->(me) is what I have.


Tom Vogt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
Next by Date: Re: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
Prev by thread: Re: [Full-Disclosure] MSblast worm
Next by thread: [Full-Disclosure] dobble-clicking msblast.exe
Index(es):
- Date
- Thread