Security RSS

  • Strange mail with number in subject line and body

    We have received a few strange emails (from Korea and France) which list a three character number in the subject line and a different three digit character number in the body, no attachments. The sender (from field) has been spoofed and displays the receiver's name (to field). I did a search on googl...

    4 answers | 969 bytes

  • Compromised Windows Server

    Hi Patrick, Came in this morning to find a Windows 2003 server I manage scanning the Internet for machines listening on tcp 139 and 445. While looking at the machine I noticed the following processes running. Sounds like you were able to capture some of the network traffic. Got any packet dumps, netfl...

    0 answers | 2861 bytes

  • Compromised Windows Server

    Patrick, Came in this morning to find a Windows 2003 server I manage scanning the Internet for machines listening on tcp 139 and 445. While looking at the machine I noticed the following processes running. Mwvsta.exe found in c:\windows\system32; rundll16.exe c:\windows\system23; Ponoas.exe c:\windows\sys...

    0 answers | 2090 bytes

  • Advisory - D-Link Access Point

    INTRUDERS TIGER TEAM SECURITY - SECURITY - D-Link Wireless Access-Point (DWL-2100ap) PRIORITY: HIGH I - INTRUDERS: Tiger Team Security is a project entailed with Security Source (). The Intruders Tiger Team Security (ITTS) is a group of researchers with more than 10 years of experience, specialized...

    2 answers | 4413 bytes

  • Microsoft NetMeeting memory corruption (Brief)

    Microsoft NetMeeting memory corruption (Brief) Classification: Level: [LW]-med-high-crit ID: HEXVIEW*2006*06*06*01 URL:: Microsoft NetMeeting is an application that provides multipoint audio/video conferencing and supporting services (desktop sharing, whiteboard, remote con...

    0 answers | 2254 bytes

  • Moderator note: Compromised Windows Server thread

    Hello list, To save us from rehashing what comes up fairly frequently on Incidents, I ask that replies to this thread (and future incident response threads for that matter) focus specifically on details of the incident in question. Two clashing schools of thought are, "wipe clean and reinstall from k...

    0 answers | 1590 bytes

  • Compromised Windows Server

    Just a guess, but I'd bet the behavior you're seeing is the same method with which you became infected, that is, via TCP 139 and 445. Sounds like a propagation worm. It will morph on reboot, so use a prog like regshot or regmon to diff the registry. Check HKLM software Microsoft windowsn...

    0 answers | 2348 bytes

  • Some new SSH exploit script?

    I think the point being made was that by moving the port that standard ssh/port 22 brute forcers and scanners would not hit you unless they did a full scan which I would expect a real hacker or targeted attack to do. So yes in the sense of 'real' security it doesn't gain you anythi...

    4 answers | 3306 bytes

  • Updated ipsec-tools package fixes security issue

    Fedora Legacy Update Advisory. Synopsis: Updated ipsec-tools package fixes security issue. Advisory ID: FLSA:190941. Issue date: 2006-06-06. Product: Fedora Core. Keywords: Bugfix. CVE Names: CVE-2005-3732. 1. Topic: An updated ipsec-tools package that fixes a bug in racoon is now available. The ipsec-tools pac...

    0 answers | 3114 bytes

  • Updated squirrelmail package fixes security issues

    Fedora Legacy Update Advisory. Synopsis: Updated squirrelmail package fixes security issues. Advisory ID: FLSA:190884. Issue date: 2006-06-06. Product: Red Hat Linux, Fedora Core. Keywords: Bugfix. CVE Names: CVE-2006-0188 CVE-2006-0195 CVE-2006-0377. 1. Topic: An updated squirrelmail package that fixes three...

    0 answers | 3894 bytes

  • Updated X.org packages fix security issue

    Fedora Legacy Update Advisory. Synopsis: Updated X.org packages fix security issue. Advisory ID: FLSA:190777. Issue date: 2006-06-06. Product: Fedora Core. Keywords: Bugfix. CVE Names: CVE-2006-1526. 1. Topic: Updated X.org packages that fix a security issue are now available. X.org is an open source implement...

    0 answers | 3094 bytes

  • Penetration Testing a Firewalled Network

    What is running on the web server? Maybe you can gain some info about the environment through there first. dmz Message From: kratzer.jason (AT) gmail (DOT) com To: pen-test (AT) securityfocus (DOT) com Sent: 6/6/06 1:22 PM Subject: Re: Re: Penetration Testing a Firewalled Network The environment I am...

    0 answers | 2502 bytes
