more https scanning reports
More HTTPS Scanning Reports
We did receive more packet captures registering scans for the SSL-PCT
exploit. It still appears like the THC exploit is used and additional
code is downloaded to the affected systems via tftp.
Problems With MS04-022
One reader reported problems installing MS04-022. This is in particular
of interest as an exploit for this vulnerability is already public. As
usual, we do advice to carefully test patches. The report we received
indicates that tasked scheduled with the task scheduler did no longer
execute. A sample error message:
Port 2003
A possible command channel / remote shell has been found on port 2003 in a
specific network. No widespread use of this port has been registered.
Host Based IDS for Windows
Frequently, users ask how to make sure that a system has not been compromissed, or how to determine for sure the scope of a compromise. Host based intrusion
detection systems are a good way to detect altered binaries. For Linux, a
wide range of free and commercial systems exist (AIDE, tripwire, SNARE), which
will catalog system files and save cryptographically secured checksums. We
would like to hear what users are recommending for Windows systems.
(Update: A few users commented that GFI Languard is available for Windows
http://www.sans.org/rr/papers/index.php?id=1396 )
------------
Johannes Ullrich, jullrich _AT_ sans.org
We did receive more packet captures registering scans for the SSL-PCT
exploit. It still appears like the THC exploit is used and additional
code is downloaded to the affected systems via tftp.
Problems With MS04-022
One reader reported problems installing MS04-022. This is in particular
of interest as an exploit for this vulnerability is already public. As
usual, we do advice to carefully test patches. The report we received
indicates that tasked scheduled with the task scheduler did no longer
execute. A sample error message:
0x8004130f: No account information could be found
in the Task Scheduler security database for the
task indicated.
Port 2003
A possible command channel / remote shell has been found on port 2003 in a
specific network. No widespread use of this port has been registered.
Host Based IDS for Windows
Frequently, users ask how to make sure that a system has not been compromissed, or how to determine for sure the scope of a compromise. Host based intrusion
detection systems are a good way to detect altered binaries. For Linux, a
wide range of free and commercial systems exist (AIDE, tripwire, SNARE), which
will catalog system files and save cryptographically secured checksums. We
would like to hear what users are recommending for Windows systems.
(Update: A few users commented that GFI Languard is available for Windows
http://www.sans.org/rr/papers/index.php?id=1396 )
------------
Johannes Ullrich, jullrich _AT_ sans.org
Keywords:
0 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
×
Diary Archives
Comments