Security Incidents mailing list archives

NC_S_ISLCK Group Added


From: Ed Shirley <thewthrman () yahoo com>
Date: Thu, 25 Oct 2001 07:21:33 -0700 (PDT)

Maybe this has happened to some of you before.  My
primary vulnerability-assessment tool is an NT laptop
that I have loaded mucho freeware and other
questionable software onto.  I have hardened it pretty
well, I think, because it often will sit on a dirty-e
connection for hours at a time.  Since the others on
our team are "curious", even leaving the thing on our
production network puts the machine at risk for being
h4x0red.  

Occasionally, I go through it and make sure that no
one installed back orifice or netcat or whatever on it
and look at the group membership of user accounts, and
also run a bunch of tools against it, just to make
sure that it is still water-tight and soap proof. 
Sometimes I find some filenames I don't recognize or
other suspicious indications and search Technet or
SecurityFocus or just plain Dogpile to see what turns
up.  

This morning, while doing my audit, I saw something
that I don't recognize.  I am reluctant to expose my
ignorance, but this machine is important to me and I need
to know what this might indicate.

I was checking the user accounts and making sure that
"guest" was still disabled and not an administrator
(sometimes you don't want to delguest), and noticed
that there was a group that I hadn't seen before.  It
is called NC_S_ISLCK.  There are no members and no
description.  Has anyone seen this group name before
and is it indicative of a particular hack?  

Feel free to respond off-list.

Ed  
