From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
Subject: Win32 Cisco Exploit


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Michael Scheidell
> Sent: Thursday, 24 July 2003 11:09 p.m.
> To: Leif Sawyer
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Win32 Cisco Exploit
> 
> Sometimes we run things like this on our 'judas goat' computer.
> Not only is it not on our corporate network, but uses a different internet
> provider.
> 
> We have sniffer^h^h^h^h^h^h^h snorter on it to watch the traffic.
> 
> We run full sysdiffs before and after, and just to be double paranoid, put
> the ghost image back on afterwards. Don't forget to lock out the flash
> BIOS update on the computer.

For these "suspicious" binaries, I'd always suggest running them on an
isolated computer (as you already do).

Also, there is a very nice utility Roxio (now Symantec?) makes called GoBack
which allows you to trace exactly what a process did and revert to the
previous state.
I've been using it to test various viruses and worms as it will print very
nicely absolutely everything that happened.

You might want to check it on:

http://www.symantec.com/goback/

Regards,

Bojan Zdrnja

