Re: Some details in a recent NT hack we encountered

[Matt Scarborough <vexversa () USA NET>]

On Fri, 2 Mar 2001 14:29:06 +0000 (GMT), Gossi The Dog <gossi () owned lab6 com>
wrote:

> > On Sun, 25 Feb 2001, Matt Scarborough wrote:
> > I sent details on this to the Incidents list on February 20, 2001. It
would
> > have helped you find what is missing. I captured the entire kit.
> Could you repost it at all?  I'm fairly interested in this kit for various
> reasons.

I am unable to find it on Security Focus' website. You may find it here
http://archives.neohapsis.com/archives/incidents/2001-02/0263.html
or by sending the appropriately formatted  request to
listserv () lists securityfocus com
with something like
GETPOST INCIDENTS 4289

Please note, in the spirit of the Incidents list,

"a lightly moderated mailing list to facilitate the quick exchange of security
incident information,"

my original post was aimed at quick identification of the BackGate Kit by file
name, strings, and installation method so others could determine how best to
proceed if encountered. This thread contains additional information which is
very helpful to understanding the kit.

But I wonder if we are moving toward discussion better suited to the Forensics
or Focus-MS lists?

Matt 2001-02-26

____________________________________________________________________
Get free email and a permanent address at http://www.amexmail.com/?A=1