|
Posted by JM on July 18, 2006, 7:56 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Could a disgrunted former IT person who had access to a Win2k server via RDP
intentionally plant viruses on the server? If so, would there be a way to
trace the evidence?
thank you,
jm
|
|
Posted by pcbutts1 on July 18, 2006, 8:55 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Yes.
--
The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
> Could a disgrunted former IT person who had access to a Win2k server via
> RDP intentionally plant viruses on the server? If so, would there be a
> way to trace the evidence?
>
> thank you,
>
> jm
>
>
>
>
>
|
|
Posted by JM on July 18, 2006, 10:12 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Would that be "yes" to both questions. And, if so, what measures might be
taken to trace the evidence?
thank you,
jm
> Yes.
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
>> Could a disgrunted former IT person who had access to a Win2k server via
>> RDP intentionally plant viruses on the server? If so, would there be a
>> way to trace the evidence?
>>
>> thank you,
>>
>> jm
>>
>>
>>
>>
>>
>
>
|
|
Posted by pcbutts1 on July 18, 2006, 11:10 pm
If you were Registered and logged in, you could reply and use other advanced thread options
file creation date and network traffic logs.
--
The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
> Thank you for your response.
>
> Would that be "yes" to both questions. And, if so, what measures might be
> taken to trace the evidence?
>
> thank you,
>
> jm
>
>
>
>
>
>> Yes.
>>
>> --
>>
>>
>> The best live web video on the internet http://www.seedsv.com/webdemo.htm
>> NEW Embedded system W/Linux. We now sell DVR cards.
>> See it all at http://www.seedsv.com/products.htm
>> Sharpvision simply the best http://www.seedsv.com
>>
>>
>>
>>> Could a disgrunted former IT person who had access to a Win2k server via
>>> RDP intentionally plant viruses on the server? If so, would there be a
>>> way to trace the evidence?
>>>
>>> thank you,
>>>
>>> jm
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
|
|
Posted by Gabriele Neukam on July 19, 2006, 10:17 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Could a disgrunted former IT person who had access to a Win2k server via RDP
> intentionally plant viruses on the server?
If the server hasn't been patched properly, and you didn't remove his
account properly, yes. There's lots of information on the net, how to
escalate privileges and similar things.
I had a look at Google which tindicates that the RDP itself doesn't
allow for changing user rights, but if the tech could do *anything*
that creates files on the server, it might open a barn door for him.
Proving the maclicious action will be not that easy, if (s)he had
access to the logfiles and could modify them. Also, you should bear in
mind that there are viruses (or rather worms) that make their way in by
abusing weak services, that answer to unauthorized and malformed
requests; so this could be just a coincidence.
Gabriele Neukam
Gabriele.Spamfighter.Neukam@t-online.de
--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
|
| Similar Threads | Posted | | "Reptile" server? | August 6, 2005, 2:43 am |
| ftp server found. | March 9, 2006, 4:19 pm |
| Unknown POP3 server | January 29, 2006, 6:21 pm |
| problems with exchange server | December 19, 2006, 2:34 am |
| Server infected by a trojan | September 6, 2007, 11:25 am |
| Steganos update server | December 29, 2007, 5:07 am |
| trojaned proxy server | June 17, 2008, 11:19 am |
| What Anti-Virus for Server? | October 31, 2008, 5:17 pm |
| Antivirus distribution server on Linux.. | February 27, 2006, 1:28 am |
| proxy server errors when trying to upload to VT | February 16, 2007, 11:09 am |
|
XML site map