-
October 30th, 2002, 09:03 PM
#3
unknown cookie/file format??
last night I was cleaning up my win2k server at home and when I got to my "temporary internet files" directory I noticed a couple of really strange entries that I could not remove. They looked something like this:
3811524@LocalSource1,LocalSource2,LocalSource3...
a bit longer than that, but something along those lines. Now I know I can't remove them because they are using illegal characters (the @ and the commas) so I was wondering exactly how they were written to my machine in the first place. Also, I'm not real sure if these are illegal cookies, or just straight illegal files. I can't open them to look at them, but they appear to be cookies? They are also only 1kb in size.
I was thinking that perhaps I had been compromised and I looked for the common 0-day directories and didn't find any. I also checked out my firewalls logs and my IDS system along with the local logs on that machine so I don't think I'm really compromised, just that someone has found a way to put cookies on my machine without me having the ability to remove them. I like to think that I have my systems pretty well locked down, but you never know.
I went through a hack about a year ago where one of the servers at my old work was hit with 0-day stuff and there were all kinds of illegal characters and illegel dirs that were on that machine that were near to impossible to remove. I don't want to go through the same headache with this machine so I was wondering if anyone had a quick and dirty way to remove them.
oh rename doesn't work, and properties doesn't work. I THINK I may be able to get my hands on the POSIX stuff if I REALLY need it to remove those files, but I hope I don't. Thanks for the help.
El Diablo
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|