Security Basics mailing list archives
Re: Analyzing Suspicious Attachment
From: brian.bevers () gmail com
Date: Thu, 17 Jan 2008 18:37:31 +0000
I concur, once you suspect a compromise, reimage that puppy. Of course, make an image of the suspect systems for your analysis and joy :) Set up some ACLs on the perimeter firewall for those 3 IPs and watch what they try to do and go ??

Sent via BlackBerry by AT&T

-----Original Message-----
From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Thu, 17 Jan 2008 09:53:02
To: "Al Cooper" <cooper () hmcnetworks com>
Cc: security-basics () securityfocus com
Subject: Re: Analyzing Suspicious Attachment
Outside of the obvious policy and training issues, what is the best way to determine what, if any, damage has been done to the network? What tools do I need to analyze the attachment to see what it is and how it works?
I would back up just the "data" files from the computers, re-image the machine, and then restore the data files. You can never fully determine the extent of the damage, so it is better to re-image the machine.

saqib
http://www.quantumcrypto.de/dante/
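The "block those 3 IPs at the perimeter and watch what they try to do" step in the reply above, as an added example that is not part of the original thread or from either poster. The three addresses are made-up placeholders (the thread never names the real ones), the LAN hosts and log lines are constructed to look like what the iptables LOG target writes, and the rules are printed rather than applied so the script runs offline:

```shell
#!/bin/sh
# Hypothetical perimeter ACL for the "block and watch" advice above.
# These three addresses are placeholders; the thread never lists the real IPs.
SUSPECT_IPS="192.0.2.10 198.51.100.23 203.0.113.77"

# Print (do not apply) the iptables rules. LOG is placed before DROP so every
# outbound attempt from the LAN to a suspect IP is recorded before it is blocked.
gen_rules() {
    for ip in $SUSPECT_IPS; do
        printf 'iptables -A FORWARD -d %s -j LOG --log-prefix "SUSPECT-C2 " --log-level 4\n' "$ip"
        printf 'iptables -A FORWARD -d %s -j DROP\n' "$ip"
    done
}

# Constructed sample of the kernel log lines the LOG rule above would produce.
SAMPLE_LOG='Jan 17 18:40:01 fw kernel: SUSPECT-C2 IN=eth1 OUT=eth0 SRC=10.1.1.25 DST=192.0.2.10 PROTO=TCP SPT=49152 DPT=443
Jan 17 18:40:03 fw kernel: SUSPECT-C2 IN=eth1 OUT=eth0 SRC=10.1.1.25 DST=198.51.100.23 PROTO=TCP SPT=49153 DPT=80
Jan 17 18:41:10 fw kernel: SUSPECT-C2 IN=eth1 OUT=eth0 SRC=10.1.1.40 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=443
Jan 17 18:41:12 fw kernel: some unrelated message'

# Count blocked attempts per internal source host, most active first,
# printed as "<count> <src>" lines.
summarize_hits() {
    printf '%s\n' "$SAMPLE_LOG" \
      | grep 'SUSPECT-C2' \
      | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# Every internal host that shows up here is another candidate for imaging
# (for analysis) and then reimaging, not just the machine that opened the attachment.
hosts_to_image() {
    summarize_hits | awk '{print $2}'
}

gen_rules
summarize_hits
```

The point of logging before dropping is that the ACL doubles as a detector: a second workstation reaching for the same addresses tells you the attachment spread further than the first report suggested, which is exactly the "how much damage" question the original poster asked.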