NC_S_ISLCK Group Added

From: Ed Shirley (thewthrmanat_private)
Date: Thu Oct 25 2001 - 07:21:33 PDT


    Maybe this has happened to some of you before.  My
    primary vulnerability-assessment tool is an NT laptop
    that I have loaded mucho freeware and other
    questionable software onto.  I have hardened it pretty
    well, I think, because it often will sit on a dirty-e
    connection for hours at a time.  Since the others on
    our team are "curious", even leaving the thing on our
    production network puts the machine at risk for being
    h4x0red.  
    
    Occasionally, I go through it and make sure that no
    one installed back orifice or netcat or whatever on it
    and look at the group membership of user accounts, and
    also run a bunch of tools against it, just to make
    sure that it is still water-tight and soap proof. 
    Sometimes I find some filenames I don't recognize or
    other suspicious indications and search Technet or
    SecurityFocus or just plain Dogpile to see what turns
    up.  
    
    This morning, while doing my audit, I saw something
    that I don't recognize.  I am reluctant to expose my
    ignorance, but the machine is important to me and I need
    to know what this might indicate.
    
    I was checking the user accounts and making sure that
    "guest" was still disabled and not an administrator
    (sometimes you don't want to delguest), and noticed
    that there was a group that I hadn't seen before.  It
    is called NC_S_ISLCK.  There are no members and no
    description.  Has anyone seen this group name before
    and is it indicative of a particular hack?  
    
    Feel free to respond off-list.
    
    Ed  
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 08:38:12 PDT