AW: [fd] AW: attacks shutting down windows mach ines?

[vogt () hansenet com]

> I wouldn't go by such anecdotal evidence as shutdown/reboot 
> times.  Check
> your event viewer logs for RPC/DCOM errors, monitor your 
> network traffic,
> check for the suspicious files on the systems, scan for the 
> ports opened by
> the worm, etc....

I would. Unfortunately, these are customer systems. We're 
an ISP. So whatever survives the filter 
(Machine)->(customer-brain)->(hotline)->(me) is what I have.


Tom Vogt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html