Hi Mark,

> I'm working on a server that has been "owned" for over a year. Needless to
> say, there are a significant number of what I would call "questionable"
> files on the box. Some of them I can quickly identify, albeit not
> authoritatively at this point, (e.g. httpodbc.dll), but others I cannot.
>
> If I MD5 the collection of questionable files, is there a database I can
> cross-reference my MD5's against to authoritatively identify what these
> things are? I understand I may end up with some unknowns depending on how
> the executables were compressed and/or wrapped.

While I'm not too sure about a source for Windows hashes, www.knowngoods.org
is a great place for known good hashes of FreeBSD, Linux, Mac OS X and
Solaris. Maybe if enough people ask them to, they'll add Windows hashes in
the future.

Regards,

Jamie

--- Jamie Gillespie, CISSP ---
Australian Computer Emergency Response Team | Hotline: +61 7 3365 4417
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email:   auscertat_private

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
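Added example, not part of the original message: a minimal triage of the kind discussed above, hashing every file under a directory with MD5 and splitting the results into files that match a known-good list and files that do not. It assumes the reference list is in md5sum format (the page does not say what format knowngoods.org uses); all function names and the sample data are constructed for illustration.

```python
import hashlib
import os
import tempfile


def md5_of_file(path, chunk_size=65536):
    """Stream the file so large binaries are never held in memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_known_hashes(lines):
    """Parse md5sum-style lines ("<hex>  <name>") into {md5: name}."""
    known = {}
    for line in lines:
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 32:
            known[parts[0].lower()] = parts[1].lstrip("*")
    return known


def triage(root, known):
    """Return (matched, unknown): files whose MD5 is / is not in the list."""
    matched, unknown = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of_file(path)
            except OSError:
                digest = None  # unreadable file: leave it for manual review
            if digest in known:
                matched.append((path, digest, known[digest]))
            else:
                unknown.append((path, digest))
    return matched, unknown


def demo():
    """Constructed sample data: one file on the reference list, one not."""
    ref = ["%s  reference.bin" % hashlib.md5(b"reference build\n").hexdigest()]
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.bin", b"reference build\n"), ("b.bin", b"changed\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        matched, unknown = triage(root, load_known_hashes(ref))
    return [os.path.basename(m[0]) for m in matched], [os.path.basename(u[0]) for u in unknown]
```

A file in the unknown list is only absent from the reference set; as the question notes, compressed or wrapped executables will land there regardless of what they contain.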
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 03:28:04 PST