>Oh contraire, the first thing we do when we go onsite to work on windows box >is ask my client to reboot it first, particularly if it is a server, as >occassionally they they do not come back up, and we do not want to be blamed >just because the OS is unstable
and you claim to be a security professional? ( Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA ) the first thing would be to sit down at the suspect console and observe. the second thing would be to... observe. then i might consider a course of action... possibly the box in question is instable because of a compromise, or a worm or a 0day... what about that Curt? never would i ( or tell anyone ) to just "reboot that box before i touch it" now i know why fortune 500 companies get horrendous infections. "shocked and awed" Donnie Werner http://exploitlabs.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
