Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Patrick S. Harper (patrickinternetsecurityguru.com)
Date: Thu Sep 20 2001 - 15:18:53 CDT
It should give you a warning that they were removed. If you hit cancel
on the replace they are not replaced until you next hotfix or service
The other choice would be to acl the files directly. That wouldn't be
that hard to script out
Peace, commerce, and honest friendship with all nations -- entangling
alliances with none.
--Thomas Jefferson (1743-1826)
From every mountainside let freedom ring.
--Samuel Francis Smith, from the anthem "America", 1831
From: Christopher Scragg [mailto:cscraggworkgroup.net]
Sent: Thursday, September 20, 2001 1:13 PM
To: Douglas Spooner; focus-mssecurityfocus.com
Subject: RE: Move those files! cmd.exe tftp.exe etc ...
... Which would be nice if everyone were running Windows NT, but as most
Win2k users are aware, Windows replaces the removed files. Microsoft
found it important make system files resilient - go figure.
Chief Technology Officer
Business Information Group
:From: Douglas Spooner [mailto:webmastertechnicweb.com]
:Sent: Thursday, September 20, 2001 12:01 PM
:Subject: Move those files! cmd.exe tftp.exe etc ...
:I've found thats its usally best to move all these files out
:of the /system32 dir and place them in a dir with secure
:permissions, that way if the request does get through the
:file(s) its looking for wont be there :)
: xcopy.exe, wscript.exe, cscript.exe, net.exe, ftp.exe, telnet.exe,
: arp.exe, edlin.exe, ping.exe, route.exe, at.exe, finger.exe,
: posix.exe, rsh.exe atsvc.exe qbasic.exe syskey.exe
: cacls.exe ipconfig.exe, rcp.exe, secfixup.exe, nbtstat.exe,
: rdisk.exe, debug.exe, regedt32.exe, regedit.exe, edit.com,
: netstat.exe, tracert.exe, nslookup.exe, rexec.exe, cmd.exe,
: nslookup.exe, tftp.exe
:The above tools I think would probably be what most
:worms/script kiddies would be looking for if your system got
:Sys Admin / Web Developer
:"I say we take off and nuke the entire site from orbit"
:Kosch Of Saryrn