Check out "Intact" by Pedestal Software (www.pedestalsoftware.com) for an enterprise tripwire solution.
Jon ---------- Original Message ---------------------------------- From: Reichert Holger <[EMAIL PROTECTED]> Date: Wed, 30 Jan 2002 15:42:09 +0100 >Hello John, > >You asked about Tripwire-like Tools for Windows > >Tripwire exists for Win NT www.tripwire.com >Another Tool is System Scanner from ISS > >Best wishes > >Holger Reichert >www.holysword.de > >-----Urspr�ngliche Nachricht----- >Von: John Oliver [mailto:[EMAIL PROTECTED]] >Gesendet: Montag, 28. Januar 2002 20:56 >An: [EMAIL PROTECTED]; [EMAIL PROTECTED] >Betreff: Windows NT intrusion > > >Last week, I had a clients' NT Server 4.0 machine show definite signs of >compromise... all sorts of odd ports listening, including some traceable >back to WinGate (which we never installed!), and some others that were >known as some IRC-related stuff. With a UNIXy OS, I have a pretty >decent idea of how to find out what happened, when, etc. and maybe even >clean up. But Windows? I took the easy route... on Saturday, I just >nuked the OS, installed W2K, patched, etc. But are there any sites that >have good documentation about post-mortems on Windows boxen? Or even a >class in the San Diego area? > >Also, any thoughts on things I can do to make things easier on myself... >I've found some tools that can send the NT system logs to an off-host >syslogd. Are there any Tripwire-like tools for NT? Any such thing as >an immutable bit? > >-- >John Oliver >System Administrator >hosting.com, an Allegiance Telecom company >mailto:[EMAIL PROTECTED] >(858) 637-3600 >http://www.hosting.com/ >
