Security Basics
Possible Malware? Oct 05 2012 04:24PM
Joseph Hargis (jhargis01 googlemail com) (3 replies)
RE: Possible Malware? Oct 05 2012 06:48PM
Cleghorn, Lance A (CLEGHORNL08 students ecu edu) (1 replies)
Re: Possible Malware? Oct 05 2012 08:16PM
Kurt Buff (kurt buff gmail com) (1 replies)
RE: Possible Malware? Oct 05 2012 11:18PM
Cleghorn, Lance A (CLEGHORNL08 students ecu edu)
Kurt,

You are spot on for password aging purposes. That value is indeed defaulted to 90 days (http://blogs.msdn.com/b/john_daskalakis/archive/2010/02/01/9956266.aspx). However, Kerberos can have a value as low as 5 minutes clock skew to knock a domain account off. I think the default is much higher but it is still in units of hours or less than a few days. http://technet.microsoft.com/en-us/library/cc780011%28v=ws.10%29.aspx

It just seems to me that the odd administrator account change could be a group policy blow back and time could be the culprit. I'm curious to see now what the problem actually was.

Lance
________________________________________
From: listbounce (at) securityfocus (dot) com [email concealed] [listbounce (at) securityfocus (dot) com [email concealed]] on behalf of Kurt Buff [kurt.buff (at) gmail (dot) com [email concealed]]
Sent: Friday, October 05, 2012 4:16 PM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: Possible Malware?

Regarding time - it's very unlikely as a culprit in this instance.
Unless it's a very long time (on the order of 90+ days) time
differences in and of themselves don't break the machine trust with
the domain. Failure of validation, yes. Break trust with domain, not
so much.

Kurt

On Fri, Oct 5, 2012 at 11:48 AM, Cleghorn, Lance A
<CLEGHORNL08 (at) students.ecu (dot) edu [email concealed]> wrote:
> The keyboard and mouse losing function is odd; however, losing a trust relationship with your domain can be caused by a variety of things.
> 1. Check your time on the local PC, different time zones and big differences in date or time will kick you off the domain.
> 2. Check the computer account in AD and see if it is locked out. It may need to be reset.
> 3. Provisioning, if you use provisioning in your domain it may need to be re-provisioned.
>
> First troubleshooting step to try is bouncing the PC off and on the domain. Add the PC to a workgroup (if you are using win 7 you have to at least type a character in the password prompt) then restart or ipconfig /flushdns and ipconfig /renew and add the PC back to the domain.
>
> If you get an error putting the PC back on the domain then troubleshoot that particular error.
>
> Hope this helps,
> Lance Cleghorn, CCNP
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Joseph Hargis
> Sent: Friday, October 05, 2012 12:25 PM
> To: security-basics (at) securityfocus (dot) com [email concealed]
> Subject: Possible Malware?
>
> Hello List,
>
> I have a Windows 7 PC connected to a domain exhibiting the following
> behavior:
>
> 1. The user logged off the machine to go to lunch. When she returned she was unable to logon and the machine displayed an error stating that the machine had lost the trust relationship with the domain.
>
> 2. The local administrator account has been removed from the local administrators group.
>
> 3. When the network cable was unplugged, the keyboard and mouse quit functioning.
>
> Admittedly, I'm new to malware hunting. But to me, this behavior is suspicious. Does this ring any bells with anyone?
>
> Thank you,
>
> Joe Hargis
>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

Re: Possible Malware? Oct 05 2012 06:30PM
Khaled Zayed (khaled0319 gmail com) (1 replies)
Re: Possible Malware? Oct 05 2012 07:03PM
Kurt Buff (kurt buff gmail com)
Re: Possible Malware? Oct 05 2012 05:15PM
Kurt Buff (kurt buff gmail com)
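
The checks raised in this thread (clock offset against the 5-minute Kerberos figure, the state of the machine's trust with the domain, and whether the local administrator is still in the local Administrators group) can be gathered in one read-only pass. The script below is an added example, not part of any poster's message; it assumes Windows PowerShell 3.0 or later, an elevated local-administrator prompt, and an English-language group name.

```powershell
# Added example (not from the thread): read-only triage of the checks discussed above.
# Assumptions: Windows PowerShell 3.0+, elevated local admin, group named 'Administrators'.
$MaxSkewSeconds = 300   # the 5-minute Kerberos clock-skew figure cited in the thread

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { Write-Warning 'This PC is not joined to a domain.'; return }

# 1. Clock offset against a domain time source (w32tm takes a single sample).
$sample = w32tm /stripchart /computer:$($cs.Domain) /samples:1 /dataonly 2>&1 | Out-String
if ($sample -match '([+-]\d+\.\d+)s') {
    $offset = [math]::Abs([double]$Matches[1])
    $state  = if ($offset -gt $MaxSkewSeconds) { 'EXCEEDS' } else { 'within' }
    'Clock offset: {0:N1}s ({1} the {2}s tolerance)' -f $offset, $state, $MaxSkewSeconds
} else {
    Write-Warning "Could not measure the offset against $($cs.Domain); check name resolution and UDP 123."
}

# 2. Secure channel (the "trust relationship") between this PC and the domain.
try {
    if (Test-ComputerSecureChannel -ErrorAction Stop) { 'Secure channel: healthy' }
    else { Write-Warning 'Secure channel: BROKEN' }
} catch {
    Write-Warning "Secure channel: test failed ($($_.Exception.Message))"
}

# 3. Is the built-in Administrator (SID ending in -500) still in the local Administrators group?
$admin   = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True' |
           Where-Object { $_.SID -like 'S-1-5-21-*-500' }
$members = net localgroup Administrators | ForEach-Object { $_.Trim() }
if ($members -contains $admin.Name) {
    "Local admin '$($admin.Name)': member of Administrators"
} else {
    Write-Warning "Local admin '$($admin.Name)': NOT in Administrators; review any group policy that manages local group membership."
}
```

The script changes nothing on the machine; record its output before attempting to re-join the domain so the original state is preserved for later analysis.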


 

Copyright 2010, SecurityFocus