[logs] RE: log data?

From: Eric Fitzgerald (ericfat_private)
Date: Tue Jan 28 2003 - 11:46:16 PST

  • Next message: Rainer Gerhards: "RE: [logs] Re: Reliably detecting things like the SQL worm...."

    Investigating- I just returned from OOF and I don't have logs from an
    infected machine yet.
    -----Original Message-----
    From: Tina Bird [mailto:tbird@precision-guesswork.com] 
    Sent: Saturday, January 25, 2003 8:09 PM
    To: eric.schultzeat_private; Eric Fitzgerald; Johannes Ullrich;
    Subject: log data?
    On Sat, 25 Jan 2003, Johannes Ullrich wrote:
    > oh well.. back to counting packets. BTW: Any idea what this worm looks
    > like in any MSFT application logs?
    So now that the feathers are settling -- anyone have Event Log data
    signatures of Sapphire/SQL Slammer, successful or otherwise?
    thanks -- tbird
    I, on the other hand, do not work. I enjoy the slothful life of an
    artist, and while away the hours in meaningless aesthetic pursuits
    punctuated by bouts of hedonistic debauchery and an occasional nap.
                                                  -- David Rinehart
    Log Analysis http://www.loganalysis.org
    VPN http://vpn.shmoo.com
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 12:13:54 PST