Security Incidents mailing list archives
Re: maybe a simple problem
From: "Igor D. Spivak" <urbanachiever () attbi com>
Date: Wed, 2 Oct 2002 12:49:32 -0700
The way to track that is not through netstat (it is too dependent on chance), but rather through a process/loaded DLL list from an infected machine, compared to a similar list on a known good machine, with all non-matching entries researched.

Now then, http://www.sysinternals.com/win9x/98utilities.shtml
This should help you.

Also, what does the telescope look like (just curious)?

regards,
IDS

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
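The baseline comparison described in the message above, as an added example that is not part of the original post. It assumes each machine's process/loaded-DLL list has been exported as one "process, tab, module path" pair per line; that format, the sample listings and the names `msupd.exe` and `hook32.dll` are constructed for illustration.

```python
from collections import defaultdict
import ntpath

# Constructed sample listings (assumed format: "process<TAB>module path").
KNOWN_GOOD = """\
explorer.exe\tC:\\WINDOWS\\SYSTEM\\SHELL32.DLL
explorer.exe\tC:\\WINDOWS\\SYSTEM\\WSOCK32.DLL
systray.exe\tC:\\WINDOWS\\SYSTEM\\KERNEL32.DLL
"""
SUSPECT = """\
EXPLORER.EXE\tc:\\windows\\system\\shell32.dll
explorer.exe\tC:\\WINDOWS\\TEMP\\WSOCK32.DLL
systray.exe\tC:\\WINDOWS\\SYSTEM\\KERNEL32.DLL
systray.exe\tC:\\WINDOWS\\SYSTEM\\HOOK32.DLL
msupd.exe\tC:\\WINDOWS\\SYSTEM\\KERNEL32.DLL
"""

def parse(listing):
    """Return {process: {module paths}}, lower-cased because Windows
    file names are case-insensitive."""
    table = defaultdict(set)
    for line in listing.splitlines():
        if not line.strip():
            continue
        proc, _, module = line.partition("\t")
        table[proc.strip().lower()].add(ntpath.normpath(module.strip()).lower())
    return table

def diff(good, suspect):
    """List suspect-side entries with no match in the known-good baseline."""
    good_names = {ntpath.basename(m) for mods in good.values() for m in mods}
    findings = []
    for proc in sorted(suspect):
        if proc not in good:
            findings.append(("new-process", proc, ""))
            continue
        for mod in sorted(suspect[proc] - good[proc]):
            # A familiar DLL name loaded from an unfamiliar directory deserves
            # a closer look than a plain name match would suggest.
            known_name = ntpath.basename(mod) in good_names
            findings.append(("unexpected-path" if known_name else "new-module", proc, mod))
    return findings

if __name__ == "__main__":
    for kind, proc, mod in diff(parse(KNOWN_GOOD), parse(SUSPECT)):
        print(f"{kind:16} {proc:14} {mod}")
```

Each finding is only a lead to research, since legitimate software differences between the two machines show up the same way.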