Thursday, June 10, 2004
Worms Worms and more Worms
Well, a worm finally slipped its way through the defenses on our server this month, so I've spent the last few days cleaning up the infection and inoculating the server against future break-ins. One of the simple precautions is that we now have an MD5 file of every file on the server, generated every few days and archived off-site. The idea being that when a future break-in happens, it'll be much easier to figure out what changed and what new files were added. (That's what took the longest, was figuring out what worm we were hit with, and where it had dropped its payload files.)
We're also dumping the contents of the registry to a file every few days as well. Although, since REGEDIT dumps the registry in a UNICODE format, it's a bit tricky to do a quick diff against a base snapshot. (I need to find a diff tool that does UNICODE.)
posted by Wuphon's Reach at 6:33 PM
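The two snapshots described in the post (a hash of every file, and a registry export compared against a base snapshot), sketched as an added example that is not the author's code. It uses SHA-256 in place of the MD5 the post mentions and decodes the REGEDIT export with Python's `utf-16` codec; the file names and the `Example` registry key are constructed sample data.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest

def diff_manifests(baseline, current):
    """Return sorted (added, removed, changed) paths between two manifests."""
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    changed = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return added, removed, changed

def diff_reg_exports(old_path, new_path):
    """Diff two REGEDIT exports; the utf-16 codec honours each file's BOM."""
    old, new = (Path(p).read_text(encoding="utf-16").splitlines() for p in (old_path, new_path))
    diff = list(difflib.unified_diff(old, new, n=0, lineterm=""))
    return [line for line in diff[2:] if not line.startswith("@@")]  # drop headers

def demo():
    """Run both checks on constructed sample data in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp, "site")
        site.mkdir()
        (site / "index.htm").write_bytes(b"<html>home</html>")
        (site / "logo.gif").write_bytes(b"GIF89a")
        baseline = build_manifest(site)          # the archived snapshot
        (site / "index.htm").write_bytes(b"<html>edited</html>")
        (site / "new.bin").write_bytes(b"\x00\x01")  # file absent from baseline
        (site / "logo.gif").unlink()
        files = diff_manifests(baseline, build_manifest(site))
        head = "Windows Registry Editor Version 5.00\n\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example]\n"
        old, new = Path(tmp, "old.reg"), Path(tmp, "new.reg")
        old.write_text(head + '"Mode"="1"\n', encoding="utf-16")
        new.write_text(head + '"Mode"="2"\n"Extra"="x"\n', encoding="utf-16")
        return files, diff_reg_exports(old, new)

if __name__ == "__main__":
    print(demo())
```

The baseline manifest is only useful if it is stored where a process on the server cannot rewrite it, which is what the off-site archive provides.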