SMB overflow attacks
From: KF (dotslash@snosoft.com)Date: 08/26/02
- Previous message: Yonatan Bokovza: "RE: What's going on here?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 26 Aug 2002 16:02:45 -0400 From: KF <dotslash@snosoft.com> To: vuln-dev@security-focus.com, incidents@security-focus.com, full-disclosure@lists.netsys.com
Does anyone have log entries from a confirmed attack based on the recent
SMB overflows?
http://online.securityfocus.com/bid/5556 and
http://online.securityfocus.com/advisories/4416
I have a client with some unusual log entries related to lanman and SMB
headers.... the log issues are similar to the following article:
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q321733
After applying the fix mentioned in the security-focus bid the server
seemed to be happy... this makes me think the reason the server
was arrgivated is related to a DoS attack on SMB.
I just need something solid to either trace back to an attacker or a
confirmation that I was even attacked.
-KF
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Yonatan Bokovza: "RE: What's going on here?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
