April, > I'm an exceptionally unhappy admin (and perhaps a little > embarassed as well). At this point I'm assuming it's > impossible to adequately secure IIS server with > Frontpage extensions? I'm sure you're unhappy, but I'm more than a little concerned that given your certs: > April Johnson (CISSP, CCNP, MCSE) ...you're going to format the box w/o ever determining how the box was compromised. You made several statements in your post regarding what you found, but there is nothing at all to indicate that the avenue of infection was IIS w/ FrontPage extensions. You never made mention of reviewing the IIS logs or any other data on the system. As a CISSP, you should be very well aware that formatting and reinstalling a box w/o determining how it was broken into could easily lead to the box being re-compromised when you stand it up again. I'd like to assist you w/ this, but it's likely you've already formatted the box by now... Harlan __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jul 16 2003 - 15:42:50 PDT