Full Disclosure mailing list archives
RE: Win32 Cisco Exploit
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Fri, 25 Jul 2003 08:50:49 +1200
-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Michael Scheidell
Sent: Thursday, 24 July 2003 11:09 p.m.
To: Leif Sawyer
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Win32 Cisco Exploit

Sometimes we run things like this on our 'judas goat' computer. Not only is it not on our corporate network, but uses a different internet provider. We have sniffer^h^h^h^h^h^h^h snorter on it to watch the traffic. We run full sysdifs before and after, and just to be double paranoid, put the ghost image back on afterwards.. Don't forget to lock out the flash bios update on the computer.

For these "suspicious" binaries, I'd always suggest running them on an isolated computer (as you already do).

Also, there is a very nice utility Roxio (now Symantec?) makes called GoBack which allows you to trace exactly what a process did and revert to the previous state. I've been using it to test various viruses and worms as it will print very nicely absolutely everything that happened.

You might want to check it on: http://www.symantec.com/goback/

Regards,

Bojan Zdrnja

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html