Re: svchost exploit on ports 80, 443 & 21

From: Bluto (arf-arf_at_doubleclick.net)
Date: 04/05/04

  • Next message: info: "what's a good firewall?"
    Date: Mon, 05 Apr 2004 06:10:25 -0400
    
    

    Alastair Smith wrote:

    > The technical details of the server are as follows: -
    >
    > Windows 2000 Small Business Server with SP4, Exchange 2000 SP3, IE6
    > sp1 and all other Microsoft critical updates.
    > McAfee Netshield.

    There are, reportedly, a number of zero-day exploits (no notice,
    no patch) in MS tools and OS being used by professional
    black hats, especially in Russia. Obviously, this is hard to
    verify. However, it's possible that there are some, and that
    your script-kiddie got one (a pro hacker wouldn't advertise,
    like yours has done) and used it on you.

    But, there's a general consensus, at least in the Windows- AND
    Linux-using community that I'm part of, that anything with ActiveX
    is NOT appropriate for exposure to the Internet. And, it
    sounds like you may well have some ActiveX 'bits' showing in
    public. If so, that may well be an approach you want to reconsider.
    ActiveX was designed for convenience, not security.

    Also, web mail tools (including those running on Linux) have a
    pretty spotty security record -- you may want to see how you
    can lock down (and log) those tools further, once you are back
    up and running.

