So, after cleaning up the mess does anyone know if there are any logs of any
kind typically left behind on the actual machines themselves. I'm trying to see
if I can piece together the actual path taken for the original infection.
I had a very quick look at a patched / rebooted machine this evening but didn't
se anything obvious in the event viewer. Are there logfiles kept in any standard
places for MSDE and MS SQL Server?
ian
--
Ian O'Brien - Xilinx Network Security Engineer
-=- = Pager 408-696-2182 -=- Phone 408-879-5206
iobat_private - Please state the nature of your architectural emergency
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 09:27:22 PST