Security Incidents mailing list archives
Re: Help - a possible bot
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 17 Nov 2002 11:34:46 +1300
"Moshe Aelion" <ma0934 () hotmail com> wrote:
Two weeks ago, the NAT/ICMP computer on our LAN got compromised; the hacked installed DameWare and was trying to work on the computer. It was discovered within about 10 minutes. I then installed ZoneAlarm Pro.
<<big snip>> I think there are some misconceptions here. Although ZoneAlarm should be "protecting" you, you clearly have a lot of stuff configured for a machine that should be on a LAN, itself protected from the real world, rather than directly on the Internet. You may find the following detailed discussion of locking down service bindings helpful: http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html Regards, Nick FitzGerald ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- re: Help - a possible bot H C (Nov 17)
- Re: Help - a possible bot Moshe Aelion (Nov 25)
- Re: Help - a possible bot Ryan Yagatich (Nov 26)
- <Possible follow-ups>
- RE: Help - a possible bot Dan Perez (Nov 17)
- Re: Help - a possible bot Nick FitzGerald (Nov 17)
- Re: Help - a possible bot Emeric Miszti (Nov 17)
- Re: Help - a possible bot Moshe Aelion (Nov 25)
- Re: Help - a possible bot Jon Nelson (Nov 17)
- Re: Help - a possible bot Mally Mclane (Nov 19)
- Re: Help - a possible bot Moshe Aelion (Nov 25)