Re: Detecting Blaster
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 08/14/03
Date: Thu, 14 Aug 2003 14:05:19 -0700
To: Bob Sadler <bobs@LEAWOOD.ORG>

Microsoft has released a KB 823980 Scanning Tool (KB823980scan.exe) that
can be used to scan networks to identify host computers that do not have
the 823980 security patch (MS03-026) installed. For additional
information about the 823980 security patch (MS03-026), click the
following article number to view the article in the Microsoft Knowledge
Base:

823980 MS03-026: Buffer Overrun in RPC Interface May Allow Code
Execution
http://support.microsoft.com/default.aspx?scid=kb;en-us;823980

For additional information about a new worm virus that tries to exploit
the DCOM RPC vulnerability that is fixed by the 823980 security patch
(MS03-026), click the following article number to view the article in
the Microsoft Knowledge Base:

826955 Virus Alert About the W32.Blaster.Worm Worm
http://support.microsoft.com/default.aspx?scid=KB;EN-US;826955

Download location:
http://microsoft.com/downloads/details.aspx?FamilyId=C8F04C6C-B71B-4992-91F1-AAA785E709DA&displaylang=en

Bob Sadler wrote:
> I have been trying to figure out if there is a way that I can detect
> signs of Blaster on a large number of machines on a network without
> having to actually visit each one.
>
> I have a port scanner (Ethereal) and have it set up to look at any frame
> with destination port 135. Is there a better way to do this, or is the
> way I'm trying to do this all wrong in the first place?
>
> Bob Sadler
> City of Leawood, KS, USA
> WAN/Internet Specialist
> 913-339-6700 x194
>
> Get a Life! Get TWO! Play Second Life!
> http://secondlife.com/ss/?u=b4ebbfdd6af98a027fa7e89a86c55a68
>
> ---------------------------------------------------------------------------
> Your network firewall and IDS products do not prevent Web application
> attacks - the most common form of online exploitation- resulting in Web
> defacement, data theft, sabotage and fraud.
> KaVaDo is the only company that provides a complete suite of Web
> application security products.
> Download a FREE whitepaper on "Security Policy Automation for Web
> Applications":http://www.securityfocus.com/Kavado-focus-ms
> ---------------------------------------------------------------------------
--
"Don't lose sight of security. Security is a state of being, not a state of
budget. He with the most firewalls still does not win. Put down that honeypot
and keep up to date on your patches. Demand better security from vendors and
hold them responsible. Use what you have, and make sure you know how to use
it properly and effectively." ~Rain Forest Puppy
http://www.wiretrip.net/rfp/txt/evolution.txt
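
A passive take on the port-135 approach from the question, as an added example that is not part of the original thread: instead of reading every frame, it flags sources that contact many distinct hosts on TCP 135 within a short window. The one-line-per-connection input format, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def parse(lines):
    """Yield (ts, src, dst, dport) from 'epoch src dst dport' lines (assumed format)."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        try:
            yield float(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_135_sweepers(records, window=60, min_targets=20):
    """Return {src: peak count of distinct TCP/135 destinations seen inside
    any `window`-second span} for sources reaching `min_targets`."""
    recent = defaultdict(deque)                      # src -> (ts, dst) in window
    counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> hits in window
    peak = defaultdict(int)
    for ts, src, dst, dport in sorted(records):
        if dport != 135:
            continue
        q, c = recent[src], counts[src]
        q.append((ts, dst))
        c[dst] += 1
        while q and ts - q[0][0] > window:           # evict entries older than window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[src] = max(peak[src], len(c))
    return {s: n for s, n in peak.items() if n >= min_targets}

def build_sample():
    """Constructed traffic, not captured data."""
    lines = []
    # Host sweeping a subnet: 30 distinct targets on 135 in 30 seconds.
    lines += [f"{1000 + i} 10.0.0.23 10.0.1.{i + 1} 135" for i in range(30)]
    # Normal client: many RPC connections, all to one server.
    lines += [f"{1000 + i} 10.0.0.5 10.0.0.10 135" for i in range(40)]
    # 25 distinct targets, but only one every five minutes.
    lines += [f"{1000 + 300 * i} 10.0.0.7 10.0.2.{i + 1} 135" for i in range(25)]
    # Unrelated web traffic and a malformed line.
    lines += [f"{1000 + i} 10.0.0.9 10.0.3.{i + 1} 80" for i in range(30)]
    lines.append("garbage line")
    return lines

if __name__ == "__main__":
    for src, n in find_135_sweepers(parse(build_sample())).items():
        print(f"{src}: {n} distinct TCP/135 targets within 60s")
```

Fan-out on port 135 only shows which hosts are behaving like a scanner; it does not show which hosts are missing the patch, which is what the scanning tool mentioned in the reply reports.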