RE: ISA Alert Intrusion

• From: "Steve Moffat" <steve@xxxxxxxxxxxxxxx>
• To: "Isa List" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 14 Jan 2003 03:02:21 -0000

Don't you need a UN sanction to do it that way??........:))

Steve

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Monday, January 13, 2003 10:47 PM
To: Isa List
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Just to catch you "old school" guys up to the real world, it's called
"nuke and pave" these days. Geeze, you'd think they never put down their
last issue of Micro-Cornucopia... ;-p

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org
 Read the help / books / articles!

----- Original Message -----
From: "Greg Mulholland" <greg_mul@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, January 13, 2003 16:56
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


We figured that, you old school dude you. Gotta be hip and happnein
these days. Been some time since I used FDISK, yesterday I think :)

I generally use "blow the sucker away"

Greg Mulholland
Computer Service Technician
Harvey Norman Computers - Knox
greg_mul@xxxxxxxxxxxxxxx
+61 3 9881-3730







-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, 13 January 2003 4:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Hi Steve,

Just using fdisk as a generic term for blow up the drive :)

HTH,
Tom
www.isaserver.org/shinder


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx]
Sent: Monday, January 13, 2003 1:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Are we all in the same thread here???

FDISK??  No-one use bootable cd's??

Steve
________________________________

From: Edward Sullivan [mailto:esullivan@xxxxxxx]
Sent: Mon 13/01/2003 02:05 PM
To: Isa List
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Also, the /MBR switch can be used from the command prompt within the OS,
and will only overwrite your MBR, not the disk contents (operating
system, program files, etc.)

-----Original Message-----
From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
Sent: Monday, January 13, 2003 12:03 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Thanks!
I am use to FDISK - just surprised I may have to use it :-)

Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net


-----Original Message-----
From: Edward Sullivan [mailto:esullivan@xxxxxxx]
Sent: 13 January 2003 17:54
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


See this link for more information:

http://www.claws-and-paws.com/virus/articles/fdisk.shtml

Again, this option should only be used if you know precisely what you
are doing!


-----Original Message-----
From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
Sent: Monday, January 13, 2003 11:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Thanks Ed
Well I am not too sure either - again how PC anywhere caused this! I
think I might just rebuild it - is there anything documented on this
/mbr fix?

Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net


-----Original Message-----
From: Edward Sullivan [mailto:esullivan@xxxxxxx]
Sent: 13 January 2003 17:45
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


This is not a suggestion you try this, but an undocumented feature of
FDISK is the "/MBR" switch. Specifying this switch at the end of the
command will rebuild your master boot record. If your master boot record
has become corrupted or altered by another program, this often will
correct the problem.

Again, I am not suggesting you try this, and am not sure it will fix the
problem you are having, only sharing this information in case it should
prove helpful to you.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, January 13, 2003 11:38 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Hi Simon,

The only fix I know of is the FDISK rebuild. There should be a way to do
this without FDISK, but the exact problem hasn't been described on how
it whacks the console, so its hard to figure out the fix.

Tom
www.isaserver.org/shinder


-----Original Message-----
From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
Sent: Monday, January 13, 2003 11:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Steve
PC anywhere was installed soem time ago!
I never realised this would cause problems!!!

Would an uninstall not fix this?

Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx]
Sent: 13 January 2003 17:24
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Has pcAnywhere been installed on the server, if so, you will have to
rebuild the server as the pcAnywhere install really messes up the gina
and authentication for the alerts.

Steve

________________________________

From:    Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
Sent:    Mon 13/01/2003 09:05 AM
To:      Isa List
Subject:         [isalist] ISA Alert Intrusion

http://www.ISAserver.org


Hello Everyone
Got a few questions about ISA 2000 for SBS2000.

I have enabled Intrusion Detection and sent alerts to my Email address.
I receive the alerts, but I cannot seem to find what or who was trying
to contact me.

When I goto the "Monitoring" Folder and choose Alerts I get a Big Messge
"Refresh Failed" with a Big circle and a white X! The message says "You
do not have the necessary permissions to perform this operation". I
click on CONTINUE, but all I see are the tabs at the bottom of the
window (Services, Help, sessions, up, ect!).

If I view on the REORTS Folder, it only shows OLD reports for December
2002 - nothing since the 19th Dec 02.

Any ideas?

Thanks
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net <http://www.iscl.net/>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than isalist@xxxxxxxxxxxxxx

Unauthorised use, disclosure, or copying is strictly prohibited and may
be unlawful. Optimum Computer Solutions disclaims any liability for any
action taken in connection of this E-Mail. The comments or statements
expressed in this E-Mail are not necessarily those of Optimum Computer
Solutions or its subsidiaries or affiliates.

usermanager@xxxxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
esullivan@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
esullivan@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
esullivan@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than isalist@xxxxxxxxxxxxxx

Unauthorised use, disclosure, or copying is strictly prohibited and may
be unlawful. Optimum Computer Solutions disclaims any liability for any
action taken in connection of this E-Mail. The comments or statements
expressed in this E-Mail are not necessarily those of Optimum Computer
Solutions or its subsidiaries or affiliates.

usermanager@xxxxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmulholland@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

This E-Mail is confidential. It is not intended to be read, copied, disclosed 
or used by any person other than isalist@xxxxxxxxxxxxxx

Unauthorised use, disclosure, or copying is strictly prohibited and may be 
unlawful. Optimum Computer Solutions disclaims any liability for any action 
taken in connection of this E-Mail. The comments or statements expressed in 
this E-Mail are not necessarily those of Optimum Computer Solutions or its 
subsidiaries or affiliates.

usermanager@xxxxxxxxxxxxxxx

Other related posts:

• » ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion

1. Home
2. isalist
3. Archive
4. 01-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---