Vulnerability Development mailing list archives
Re: Windows file problem
From: Brian Battle <brian () CONFLUENCE COM>
Date: Tue, 10 Oct 2000 18:05:23 -0400
Microsoft has an old MSJ article on streams at: http://www.microsoft.com/msj/defaultframe.asp?page=/msj/1198/ntfs/ntfs.htm Also has other little known NTFS features such as reparse points, encrypted streams, and hard links. -----Original Message----- From: Paul Taylor [mailto:ptaylor () MARTNET COM] Sent: Monday, October 09, 2000 8:55 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Windows file problem
From http://patriot.net/~carvdawg/ads.html:
Finding alternate data streams Corporate information security policies should require that administrators perform regularly scheduled scans, particularly of key systems, to verify compliance with configuration standards. These scans should include a tool or process for detecting alternate data streams. Two tools available for detecting alternate data streams are: Streams.exe, written by Mark Russinovich and available from http://www.sysinternals.com/misc.htm#Streams "LADS", written by Frank Heyne and available from http://www.heysoft.de/index.htm These tools use the BackupRead() and BackupSeek() API calls to locate alternate data streams. Paul Taylor QVC, Inc., Data Security (610) 701-8761 On Mon, 9 Oct 2000, Flaherty, Jack wrote:
Yep. This has been a potential security risk for quite some time now
because
these extra file streams can be dropped anywhere (possibly behind
important
DLLs, etc.) They're perfect places to hide rootkits, stolen nuclear hard drive images, etc. Uhhh...Some white-hat group released a program to find file streams and delete them if necessary. I thought it was the L0pht, but I can't seem to remember now and I sure can't find it on their site. URL someone? amp
Current thread:
- Windows file problem poepping (Oct 07)
- Re: Windows file problem Kris Carlier (Oct 07)
- Re: Windows file problem Blake Frantz (Oct 07)
- Re: Windows file problem Simple Nomad (Oct 09)
- <Possible follow-ups>
- Re: Windows file problem Doe, John (Oct 07)
- Re: Windows file problem Flaherty, Jack (Oct 09)
- Re: Windows file problem Paul Taylor (Oct 09)
- Re: Windows file problem Kevin van Haaren (Oct 16)
- Re: Windows file problem Brian Battle (Oct 10)