Mark,

A good md5 database is the NSRL by NIST (http://www.nsrl.nist.gov). I believe it is free for distribution, but if you can't find someone who already has it, you can order it in a CD from them for $95. It contains hash sets for every MS OS, some hacker tools and Trojans, most Windows apps, games, etc.

HTH,
-Inigo

On Fri, Jan 17, 2003 at 03:01:19PM -0800, Mark G. Spencer wrote:
> I'm working on a server that has been "owned" for over a year. Needless to
> say, there are a significant number of what I would call "questionable"
> files on the box. Some of them I can quickly identify, albeit not
> authoritatively at this point, (e.g. httpodbc.dll), but others I cannot.
>
> If I MD5 the collection of questionable files, is there a database I can
> cross-reference my MD5's against to authoritatively identify what these
> things are? I understand I may end up with some unknowns depending on how
> the executables were compressed and/or wrapped.

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 03:29:28 PST
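
The cross-reference discussed in this thread, as an added example that is not part of the original messages: it hashes a set of files and looks each MD5 up in an NSRL-style hash set, keeping the product code so a hit can be checked further, since a hit only identifies a file (the set also lists hacker tools and Trojans) and a miss only means "unknown". It assumes the NSRLFile.txt column layout of the NSRL RDS distribution; the file names, contents and the single hash record are constructed for the demonstration.

```python
import csv
import hashlib
import io
import os
import tempfile

def load_nsrl(lines):
    """Map upper-case MD5 -> (FileName, ProductCode) from NSRLFile.txt-style CSV."""
    known = {}
    for row in csv.DictReader(lines):
        # The same hash can appear under several products; keep the first seen.
        known.setdefault(row["MD5"].upper(), (row["FileName"], row["ProductCode"]))
    return known

def md5_of(path, chunk=1 << 20):
    """Hash in chunks so large evidence files do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()

def triage(paths, known):
    """Return {path: (md5, match)}; match is None when the hash is not in the set."""
    return {p: (d, known.get(d)) for p, d in ((p, md5_of(p)) for p in paths)}

def build_demo(workdir):
    """Constructed sample: two files on disk and a one-record hash set."""
    samples = {"known_sample.dll": b"constructed known content",
               "unknown_sample.exe": b"constructed unknown content"}
    paths = []
    for name, data in samples.items():
        path = os.path.join(workdir, name)
        with open(path, "wb") as f:
            f.write(data)
        paths.append(path)
    data = samples["known_sample.dll"]
    header = ('"SHA-1","MD5","CRC32","FileName","FileSize",'
              '"ProductCode","OpSystemCode","SpecialCode"\n')
    record = '"%s","%s","00000000","known_sample.dll",%d,1,"WIN",""\n' % (
        "0" * 40, hashlib.md5(data).hexdigest().upper(), len(data))
    return paths, io.StringIO(header + record)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        paths, hashset = build_demo(d)
        for path, (digest, match) in triage(paths, load_nsrl(hashset)).items():
            print(os.path.basename(path), digest, match or "UNKNOWN")
```

In the RDS distribution the ProductCode of a hit is resolved through NSRLProd.txt, whose ApplicationType column is what separates an operating-system file from a listed hacker tool.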