Re: diagnose compromise on NT

From: Patrick Andry (pandryat_private)
Date: Mon Jul 22 2002 - 08:05:20 PDT


    Ingersoll, Jared wrote:
    > Does anyone know of any good tools that can be used on an NT 4.0 box to
    > (help) diagnose a system compromise? I've been playing around with inzider
    > with limited results.
    > 
    > Thanks,
    > 
    > Jared
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management 
    > and tracking system please see: http://aris.securityfocus.com
    
    What type of system compromise?
    Did event log/web logs show any activity?
    
    PsTools from Sysinternals is usually a good set of raw tools to use, but you 
    have to know what you are looking for in order for them to be of any use.
    
    
    



    This archive was generated by hypermail 2b30 : Mon Jul 22 2002 - 09:51:28 PDT