Microsoft time (cont.); Firefox exploits; PAWS exploit; port 445
Late Edition
Just a quick update from . According to the Microsoft help system the protocol used is NTP and as such most likely your ISP already has a well connected NTP server for you. Please consider looking up how it is named (often it is ntp.<yourISP>.<tld>) and synchronize from that one. The decrease in network delay and the decrease in possibility for asymmetric routing and all the consequences on stability of the time on your machine(s) will be in your advantage, even after time.windows.com returns to service.
The NIST also maintains a of which time.nist.gov is only one, you can use the others as well.
Considering how NTP normally works, you might also consider to install a more complete NTP implementation so that you can configure multiple servers for the client to choose from and not become dependent on just one server.
We received multiple suggestions to use pool.ntp.org's ntp servers (which can be set to your region/country). Bob Grabowsky suggested this URL:
http://ntp.isc.org/bin/view/Servers/NTPPoolServers
K-Otik/FrSIRT has released 3 exploits against Firefox 1.0.3; If you haven't upgraded to 1.0.4, this is yet another good reason to do so without delay.
in a your preferred flavor. For a description of the problems, Mozilla has following URLs:
http://www.mozilla.org/security/announce/mfsa2005-44.html
http://www.mozilla.org/security/announce/mfsa2005-43.html
The same folks from France released also an attacking TCP connections under certain conditions. Those of us having critical infrastructure relying on the persistence of TCP connections should check with their supplier.
References: CAN-2005-0356
iDEFENSE has been reporting on a spike in port 445 activity linked to rBot.NT .
The data for at Dshield currently cannot correlate with that analysis. The peak you see around the 13th is not related nor to be taken seriously in this respect.
Keep an eye out for the evolution in the next few day though.
--
Swa Frantzen
Microsoft time (continued)
Just a quick update from . According to the Microsoft help system the protocol used is NTP and as such most likely your ISP already has a well connected NTP server for you. Please consider looking up how it is named (often it is ntp.<yourISP>.<tld>) and synchronize from that one. The decrease in network delay and the decrease in possibility for asymmetric routing and all the consequences on stability of the time on your machine(s) will be in your advantage, even after time.windows.com returns to service.
The NIST also maintains a of which time.nist.gov is only one, you can use the others as well.
Considering how NTP normally works, you might also consider to install a more complete NTP implementation so that you can configure multiple servers for the client to choose from and not become dependent on just one server.
We received multiple suggestions to use pool.ntp.org's ntp servers (which can be set to your region/country). Bob Grabowsky suggested this URL:
http://ntp.isc.org/bin/view/Servers/NTPPoolServers
Firefox 1.0.3 exploits released
K-Otik/FrSIRT has released 3 exploits against Firefox 1.0.3; If you haven't upgraded to 1.0.4, this is yet another good reason to do so without delay.
in a your preferred flavor. For a description of the problems, Mozilla has following URLs:
http://www.mozilla.org/security/announce/mfsa2005-44.html
http://www.mozilla.org/security/announce/mfsa2005-43.html
PAWS Exploit released
The same folks from France released also an attacking TCP connections under certain conditions. Those of us having critical infrastructure relying on the persistence of TCP connections should check with their supplier.
References: CAN-2005-0356
rBot.NT - port 445
iDEFENSE has been reporting on a spike in port 445 activity linked to rBot.NT .
The data for at Dshield currently cannot correlate with that analysis. The peak you see around the 13th is not related nor to be taken seriously in this respect.
Keep an eye out for the evolution in the next few day though.
--
Swa Frantzen
Keywords:
0 comment(s)
×
Diary Archives
Comments