Don't you need a UN sanction to do it that way??........:)) Steve -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, January 13, 2003 10:47 PM To: Isa List Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org Just to catch you "old school" guys up to the real world, it's called "nuke and pave" these days. Geeze, you'd think they never put down their last issue of Micro-Cornucopia... ;-p Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ----- Original Message ----- From: "Greg Mulholland" <greg_mul@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, January 13, 2003 16:56 Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org We figured that, you old school dude you. Gotta be hip and happnein these days. Been some time since I used FDISK, yesterday I think :) I generally use "blow the sucker away" Greg Mulholland Computer Service Technician Harvey Norman Computers - Knox greg_mul@xxxxxxxxxxxxxxx +61 3 9881-3730 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Monday, 13 January 2003 4:45 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org Hi Steve, Just using fdisk as a generic term for blow up the drive :) HTH, Tom www.isaserver.org/shinder -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] Sent: Monday, January 13, 2003 1:00 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org Are we all in the same thread here??? FDISK?? No-one use bootable cd's?? Steve ________________________________ From: Edward Sullivan [mailto:esullivan@xxxxxxx] Sent: Mon 13/01/2003 02:05 PM To: Isa List Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org Also, the /MBR switch can be used from the command prompt within the OS, and will only overwrite your MBR, not the disk contents (operating system, program files, etc.) -----Original Message----- From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] Sent: Monday, January 13, 2003 12:03 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org Thanks! I am use to FDISK - just surprised I may have to use it :-) Simon Weaver Technical Consultant MCSE+Internet / MCSE Windows 2000 Integrated Solutions Corp. Ltd http://www.iscl.net -----Original Message----- From: Edward Sullivan [mailto:esullivan@xxxxxxx] Sent: 13 January 2003 17:54 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org See this link for more information: http://www.claws-and-paws.com/virus/articles/fdisk.shtml Again, this option should only be used if you know precisely what you are doing! -----Original Message----- From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] Sent: Monday, January 13, 2003 11:50 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org Thanks Ed Well I am not too sure either - again how PC anywhere caused this! I think I might just rebuild it - is there anything documented on this /mbr fix? Simon Weaver Technical Consultant MCSE+Internet / MCSE Windows 2000 Integrated Solutions Corp. Ltd http://www.iscl.net -----Original Message----- From: Edward Sullivan [mailto:esullivan@xxxxxxx] Sent: 13 January 2003 17:45 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org This is not a suggestion you try this, but an undocumented feature of FDISK is the "/MBR" switch. Specifying this switch at the end of the command will rebuild your master boot record. If your master boot record has become corrupted or altered by another program, this often will correct the problem. Again, I am not suggesting you try this, and am not sure it will fix the problem you are having, only sharing this information in case it should prove helpful to you. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Monday, January 13, 2003 11:38 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org Hi Simon, The only fix I know of is the FDISK rebuild. There should be a way to do this without FDISK, but the exact problem hasn't been described on how it whacks the console, so its hard to figure out the fix. Tom www.isaserver.org/shinder -----Original Message----- From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] Sent: Monday, January 13, 2003 11:32 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org Steve PC anywhere was installed soem time ago! I never realised this would cause problems!!! Would an uninstall not fix this? Simon Weaver Technical Consultant MCSE+Internet / MCSE Windows 2000 Integrated Solutions Corp. Ltd http://www.iscl.net -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] Sent: 13 January 2003 17:24 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Alert Intrusion http://www.ISAserver.org Has pcAnywhere been installed on the server, if so, you will have to rebuild the server as the pcAnywhere install really messes up the gina and authentication for the alerts. Steve ________________________________ From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] Sent: Mon 13/01/2003 09:05 AM To: Isa List Subject: [isalist] ISA Alert Intrusion http://www.ISAserver.org Hello Everyone Got a few questions about ISA 2000 for SBS2000. I have enabled Intrusion Detection and sent alerts to my Email address. I receive the alerts, but I cannot seem to find what or who was trying to contact me. When I goto the "Monitoring" Folder and choose Alerts I get a Big Messge "Refresh Failed" with a Big circle and a white X! The message says "You do not have the necessary permissions to perform this operation". I click on CONTINUE, but all I see are the tabs at the bottom of the window (Services, Help, sessions, up, ect!). If I view on the REORTS Folder, it only shows OLD reports for December 2002 - nothing since the 19th Dec 02. Any ideas? Thanks Simon Weaver Technical Consultant MCSE+Internet / MCSE Windows 2000 Integrated Solutions Corp. Ltd http://www.iscl.net <http://www.iscl.net/> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than isalist@xxxxxxxxxxxxxx Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum Computer Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum Computer Solutions or its subsidiaries or affiliates. usermanager@xxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Simon.Weaver@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: esullivan@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Simon.Weaver@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: esullivan@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Simon.Weaver@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: esullivan@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than isalist@xxxxxxxxxxxxxx Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum Computer Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum Computer Solutions or its subsidiaries or affiliates. usermanager@xxxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmulholland@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than isalist@xxxxxxxxxxxxxx Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum Computer Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum Computer Solutions or its subsidiaries or affiliates. usermanager@xxxxxxxxxxxxxxx