king_tut

After the recent virus attacks, I am faced with having to clean up machines, most have VNC etc installed but some do not. Is there a 100% automated setup for it as i can connect remotely using other means ;-) but not take over the computer 100%.

Ideally im looking for an exe, size doesnt matter than can be run on the local computer and then install automatically including the password setup etc.

rogp

I'm sure you can install VNC with an answer file to create the settings you need to connect in.

Roger

Gedi

M$ have a tool for this.

Please note that if you are talking about the DCOM RPC exploit that the blaster and variants targeted, the original exploit was discovered weeks before this.

Many of the released code / progs dropped a shell (provisionally on port 4444, but later code included variable to select).

If you were subject to this, chances are your boxen have been rooted and you have much more to worry about than removing a worm.

If a full rebuild is not an option, make sure you monitor ALL out going packets for suspicious behavior

From the content of your post, it seems you are an admin of some sort. Might be worth setting up snort (if not aleady there) and stick in some new, strict rules.

king_tut

Muhahahahaha ph34r |\/|y sk!lz

Got it working, cheers for the help guys but i had to go a bit hardcore on this one, I now officially should never have to leave my desk again

::kriss

chiark

Kriss,

You are going over a secure tunnel to get into your PC aren't you? Leaving VNC open accessible to all is a little bit risky...

rogp

Gedi,

YHM at your NTL account.

Roger

Gedi

Security doesn't seem top of the list

/me is raoming about king_tut's network as we speak....
...ohhh, these are some interesting files....
....we have a nice big outbound trunk.

wget gedi_bot
./configure_gedi_bot
make
make install

muawahaha
ph33r m3

king_tut

I dont think u are browsing about my network Gedi, due to the fact that, I am a local admin :-) on the aberdeen plant, and to get access to us, you would have to come in through the firewall in houston.

Security is a concern, one of the main actually, hence why I am doing this remotley then testing everything an securing it all up.

Gedi

was just a little joke. Appologies if this was taken the wrong way.

On another note, I have been in situations before where admins have gotten very nasty after I have pointed out vunerabilities in their networks. Luckily I was under 18 at the time of my heavy misbehaving.

Now I work for the other side of security, with the odd bit of misbehaving every now and again.....hehe. A very slightly dirty white hat.

king_tut

Its cool, I look after about 200ish windows boxes so walking round them all is a pain, specially if its something stupid. I am really interested in Network Security things like penetration testing etc.

I take it from ure "make" script u use linux or unix.

Gedi

I use pretty much all OS'
Linux, Windows, Solaris, HP-UX, BSD are the main ones.

If you are interested in security, you should consider getting some certs. I don't know how you are with networks, but a CCNA would be a good start as many security issues are down to poorly configured networks.

Then certs like CISSP, CISA and the new Security+ will push you forward into the world of security. CISSP is the best, but most difficult to obtain. Security+ is supposed to be the easiest (not done it yet, so can't comment) and the '+' certs are up and comming in the info world.

I now have a lab set up at home with around 9 machines to test, discover new exploits, try out new ideas and develop code. It keeps me out of prison as its all legal now....haha.

rogp

Certification is definitely the way to go.

For the CISSP don't you need to be 'recommended' by someone who already has the cert?

Roger

Gedi

you are meant to be, but they don't always demand it. You also need to have been working in security for x (2 I think) amount of years. But there are exceptions to this too.

rogp

Seems to be a well respected cert though, so well worth getting hold of.

Chris L

They have upped the requirements for entry into CISSP now (longer time working in security etc). Details at isc2 I should be doing this very soon

Chris