From: Christopher Scragg (cscraggworkgroup.net)
Date: Thu Sep 20 2001 - 13:13:23 CDT

    ... Which would be nice if everyone were running Windows NT, but as most
    Win2k users are aware, Windows replaces the removed files. Microsoft
    found it important to make system files resilient - go figure.

     
    Christopher Scragg
    Chief Technology Officer
    Business Information Group

     
     

    :-----Original Message-----
    :From: Douglas Spooner [mailto:webmastertechnicweb.com]
    :Sent: Thursday, September 20, 2001 12:01 PM
    :To: 'focus-mssecurityfocus.com'
    :Subject: Move those files! cmd.exe tftp.exe etc ...
    :
    :
    :I've found that it's usually best to move all these files out
    :of the /system32 dir and place them in a dir with secure
    :permissions, that way if the request does get through the
    :file(s) it's looking for won't be there :)
    :
    : xcopy.exe, wscript.exe, cscript.exe, net.exe, ftp.exe, telnet.exe,
    : arp.exe, edlin.exe, ping.exe, route.exe, at.exe, finger.exe,
    : posix.exe, rsh.exe, atsvc.exe, qbasic.exe, syskey.exe,
    : cacls.exe, ipconfig.exe, rcp.exe, secfixup.exe, nbtstat.exe,
    : rdisk.exe, debug.exe, regedt32.exe, regedit.exe, edit.com,
    : netstat.exe, tracert.exe, nslookup.exe, rexec.exe, cmd.exe,
    : nslookup.exe, tftp.exe
    :
    :The above tools I think would probably be what most
    :worms/script kiddies would be looking for if your system got
    :compromised.
    :
    :Regards
    :
    :Douglas Spooner
    :Sys Admin / Web Developer
    :Technicweb.com
    :
    :"I say we take off and nuke the entire site from orbit"
    :
    :Kosch Of Saryrn
    :