Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-03-16 InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

LLSSRV; The end of the Internet; DNS Cache Poisoning; New Handler

Published: 2005-03-16
Last Updated: 2005-03-16 23:15:41 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

MS05-010 Correction

Quoting Dave Aitel directly from [Dailydave] LLSSRV Clarifications.

As stated in MS05-010, LLSSRV is not remotely exploitable on Windows 2000 Server SP3 and 4 without authentication. However, it is remotely exploitable in Windows 2000 Advanced Server SP 3 and 4 without authentication. More information at the Immunity Inc. web site:

It's the end of the world as we know it...

An article titled "How To Save The Internet" is an interesting read. Aside from the US centric bias it points out that the Internet as we know and love it today is essentially dysfunctional. Which brings us to the question of how to either save it, or move on to a better method of safely and securely connecting the world together. I have my own thoughts about some of the ideas raised in the article; some are silly, some are not feasible, but some merit some thought and attention. What do you think?

DNS cache poisoning incidents

There have been widespread reports of DNS cache poisoning and users being redirected on a major scale to certain web sites. Symantec has released a hotfix addressing a DNS cache poisoning and redirection issue with their Gateway Security, Enterprise Firewall, and VelociRaptor products. Products other than Symantec's are also reported to be impacted. More information is available from the following URLs:

New Handler

I have the pleasure of introducing a new Incident Handler who has joined our ranks. His name is William Salusky. Welcome to the club William.

Adrien de Beaupré, handler of the day
0 comment(s)
Diary Archives