Re: Port 109 Mystery

From: Douglas Brown (dugbrownat_private)
Date: Thu Mar 13 2003 - 07:54:00 PST

Next message: Rob Shein: "RE: CodeRed Observations."

Previous message: Andy Polyakov: "Re: [unisog] Port 109 Mystery"
Maybe in reply to: Douglas Brown: "Port 109 Mystery"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks to all who wrote to me off list - I've provided the administrator
with another laundry list to follow.  The consensus seems to be that
this is a "Windows Kernel root kit", booting the server in safe mode
should help tracking it down.  As I get more details from the folks on
the ground I'll provide them back to the list.

Thanks again to everyone,
-Doug
-- 
Douglas Brown, CISSP
Manager of Security Resources
UNC Chapel Hill
Abernethy 105
"what can Brown do for you?"
      	


----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>

Next message: Rob Shein: "RE: CodeRed Observations."
Previous message: Andy Polyakov: "Re: [unisog] Port 109 Mystery"
Maybe in reply to: Douglas Brown: "Port 109 Mystery"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 08:05:12 PST