I
would imagine that after the last couple of months, if he hasn't patched, he is
compromised.
You
may want to do some research on Code Red and Nimda for starters. Each of those
leave behind tell tale signs that they have been there.
Want to unsub? Do that here:-----Original Message-----
From: James Corlew [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 10:50 AM
To: NT System Admin Issues
Subject: What to check if my IIS server has been compromised.Hi everyone, I am a newer member to this list and enjoy all the good information everyone shares.I got an e-mail from our admin at another location looking for advice. I believe he is running IIS 4 on a NT 4 box without the current security patches. If a NAV Corporate edition scan doesn't come up with anything, what files, entries, accounts etc. should I look for after patching the server to be sure it isn't compromised?Thanks in advance for any helpJames Corlew
Get your FREE download of MSN Explorer at http://explorer.msn.com
Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english
