Port 109 Mystery

Douglas P. Brown dugbrown at email.unc.edu
Wed Mar 12 22:51:37 GMT 2003


Thanks to all who wrote to me off list - I've provided the administrator
with another laundry list to follow.  The consensus seems to be that
this is a "Windows Kernel root kit"; booting the server in safe mode
should help track it down.  As I get more details from the folks on
the ground I'll provide them back to the list.

Harlan - IMHO these lists exist for IT professionals to share
information, to gather advice, and to provide advice.  I was attempting
to do the first two, and hoping for the third.  I appreciate the
suggestions you made, but if you're not able to provide them in a
courteous and honorable manner then please don't feel obligated to
respond to my posts.  I've seen much lamer analyses provided in the
past, but in the spirit of helping my colleagues I don't attack people.

Harlan Carvey wrote:
> 
> If you didn't do any of these things, quite honestly,
> there's no point posting to public lists.  If you
> didn't even save a copy of the exe file, there's no

Thanks again to everyone,
-Doug
-- 
Douglas Brown, CISSP
Manager of Security Resources
UNC Chapel Hill
Abernethy 105
"what can Brown do for you?"


