More HTTPS Scanning Reports
We received more packet captures of scans for the SSL-PCT exploit. It still appears that the THC exploit is being used and that additional code is downloaded to the affected systems via tftp.

Problems With MS04-022
One reader reported problems installing MS04-022. This is of particular interest as an exploit for this vulnerability is already public. As usual, we advise testing patches carefully. The report we received indicates that tasks scheduled with the Task Scheduler no longer executed. A sample error message:

Port 2003
A possible command channel / remote shell has been found on port 2003 in a specific network. No widespread use of this port has been registered.

Host Based IDS for Windows
Users frequently ask how to make sure that a system has not been compromised, or how to determine for sure the scope of a compromise. Host-based intrusion detection systems are a good way to detect altered binaries. For Linux, a wide range of free and commercial systems exist (AIDE, tripwire, SNARE), which catalog system files and save cryptographically secured checksums. We would like to hear what users are recommending for Windows systems. (Update: A few users commented that GFI Languard is available for Windows http://www.sans.org/rr/papers/index.php?id=1396 )

------------
Johannes Ullrich, jullrich _AT_ sans.org
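
How a checksum catalog of the kind described under "Host Based IDS for Windows" detects altered binaries, as an added sketch that is not from the original diary or from any of the tools it names. The function names, the sample file names and the use of an HMAC to protect the catalog are assumptions made for illustration; the sample tree is constructed in a temporary directory.

```python
import hashlib, hmac, json, os, tempfile

def hash_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Catalog: path relative to root -> SHA-256 of the file's contents."""
    return {os.path.relpath(os.path.join(d, n), root): hash_file(os.path.join(d, n))
            for d, _, names in os.walk(root) for n in names}

def seal(catalog, key):
    """Serialize the catalog with an HMAC so edits to the catalog itself show up."""
    body = json.dumps(catalog, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"catalog": body, "hmac": tag})

def unseal(sealed, key):
    doc = json.loads(sealed)
    want = hmac.new(key, doc["catalog"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, doc["hmac"]):
        raise ValueError("baseline catalog failed its HMAC check")
    return json.loads(doc["catalog"])

def compare(baseline, current):
    return {"modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
            "removed": sorted(p for p in baseline if p not in current),
            "added": sorted(p for p in current if p not in baseline)}

def put(root, name, data):
    with open(os.path.join(root, name), "wb") as f:
        f.write(data)

def demo():
    key = b"constructed-demo-key"  # assumption: the real key lives off the monitored host
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        put(root, "cmd.exe", b"original")
        put(root, "net.exe", b"tool")
        sealed = seal(snapshot(root), key)      # baseline taken on a known-good system
        put(root, "cmd.exe", b"altered")        # binary changed after the baseline
        os.remove(os.path.join(root, "net.exe"))
        put(root, "dropped.exe", b"new")
        return compare(unseal(sealed, key), snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline: it has to be taken before a suspected compromise, and the sealed catalog and key have to be kept where an intruder on the monitored host cannot rewrite them.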
Johannes, ISC Handler, Jul 19th 2004