Maybe this has happened to some of you before. My primary vulnerability-assessment tool is an NT laptop that I have loaded mucho freeware and other questionable software onto. I have hardened it pretty well, I think, because it often will sit on a dirty-e connection for hours at a time. Since the others on our team are "curious", even leaving the thing on our production network puts the machine at risk for being h4x0red.

Occasionally, I go through it and make sure that no one installed back orifice or netcat or whatever on it and look at the group membership of user accounts, and also run a bunch of tools against it, just to make sure that it is still water-tight and soap proof. Sometimes I find some filenames I don't recognize or other suspicious indications and search Technet or SecurityFocus or just plain Dogpile to see what turns up.

This morning, while doing my audit, I saw something that I don't recognize. I am reluctant to expose my ignorance, but the machine is important to me and I need to know what this might indicate. I was checking the user accounts and making sure that "guest" was still disabled and not an administrator (sometimes you don't want to delguest), and noticed that there was a group that I hadn't seen before. It is called NC_S_ISLCK. There are no members and no description.

Has anyone seen this group name before and is it indicative of a particular hack? Feel free to respond off-list.

Ed
This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 08:38:12 PDT