RE: Trace of 139 attack?
From: H C (keydet89@yahoo.com)Date: 07/26/01
- Previous message: Richard Ginski: "Authenticating Before Browsing a Domain"
- Maybe in reply to: Eagle: "Trace of 139 attack?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <20010726103847.60405.qmail@web14605.mail.yahoo.com> Date: Thu, 26 Jul 2001 03:38:47 -0700 (PDT) From: H C <keydet89@yahoo.com> Subject: RE: Trace of 139 attack? To: stephen.pinto@paladion.net
> I think passprop allows you to lock the admin
> account via the network not on
> the PDC.
> This secanrio will be is use when an attacker who
> has done a buffer overflow
> on your IIS server & as got the command prompt.
In that scenario, since the gina isn't accessed, then
no account (admin or otherwise) would get locked out
anyway...so what's the point?
And if the buffer overflow is against the IIS server,
what does that have to do with port 139?
> The
> attacker would not want
> the administrator to know that he is been attacked
> so he wont change the
> password & run the password cracking tool on the
> server, so that later he
> can have easy access to the server.
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
- Previous message: Richard Ginski: "Authenticating Before Browsing a Domain"
- Maybe in reply to: Eagle: "Trace of 139 attack?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
