Educause Security Discussion mailing list archives
Re: Win2003 Server, IPSEC & HackerDefender
From: "Berbeco, Robert W" <rberbeco () IUPUI EDU>
Date: Tue, 10 Aug 2004 11:54:45 -0500
Hackerdefender can be removed remotely. Hiding itself from remote viewing tends to be its weakness and it runs as a service. I have successfully removed it from multiple systems and have also used GPOs to disable Hackdefender. However, I agree that ultimately the system(s) should be rebuilt as others have mentioned. Bob Berbeco, M.S., MCSE, GSEC Manager of Network Services and Security IU Department of Medicine 575 West Drive, XE 010F Indianapolis, Indiana 46202-5205 (317) 278-1098 (317) 312-2497 (pager) (317) 274-7499 (fax) rberbeco () iupui edu -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Weeks, Calvin W. Sent: Tuesday, August 10, 2004 11:41 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Win2003 Server, IPSEC & HackerDefender I would agree. Wipe the drive and start all over and change all passwords associated with the infected machine(s). This has been the only way that we have been able to remove H.D. Rootkit. For the IPSEC configurations we use the NSA guides and if sample configurations are needed please, request to me at cweeks () ou edu. We have samples for most services. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~Calvin Weeks, (CISSP), CISM, EnCE ~Director, OU Cyber Forensics Lab ~University of Oklahoma ~http://security.ou.edu -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Attachment:
smime.p7s
Description:
Current thread:
- Win2003 Server, IPSEC & HackerDefender Michael G Carr (Aug 10)
- <Possible follow-ups>
- Re: Win2003 Server, IPSEC & HackerDefender Brian Eckman (Aug 10)
- Re: Win2003 Server, IPSEC & HackerDefender Steve Schuster (Aug 10)
- Re: Win2003 Server, IPSEC & HackerDefender Weeks, Calvin W. (Aug 10)
- Re: Win2003 Server, IPSEC & HackerDefender Danny Lee (Aug 10)
- Re: Win2003 Server, IPSEC & HackerDefender Berbeco, Robert W (Aug 10)