Security Incidents mailing list archives

Re: Help - a possible bot

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 17 Nov 2002 11:34:46 +1300

"Moshe Aelion" <ma0934 () hotmail com> wrote:

Two weeks ago, the NAT/ICMP computer on our LAN got compromised; the hacked
installed DameWare and was trying to work on the computer. It was discovered
within about 10 minutes. I then installed ZoneAlarm Pro.

<<big snip>>

I think there are some misconceptions here.

Although ZoneAlarm should be "protecting" you, you clearly have a lot 
of stuff configured for a machine that should be on a LAN, itself 
protected from the real world, rather than directly on the Internet.  
You may find the following detailed discussion of locking down 
service bindings helpful:

   http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html


Regards,

Nick FitzGerald

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

re: Help - a possible bot H C (Nov 17)
- Re: Help - a possible bot Moshe Aelion (Nov 25)
  - Re: Help - a possible bot Ryan Yagatich (Nov 26)
- <Possible follow-ups>
- RE: Help - a possible bot Dan Perez (Nov 17)
- Re: Help - a possible bot Nick FitzGerald (Nov 17)
- Re: Help - a possible bot Emeric Miszti (Nov 17)
  - Re: Help - a possible bot Moshe Aelion (Nov 25)
- Re: Help - a possible bot Jon Nelson (Nov 17)
  - Re: Help - a possible bot Mally Mclane (Nov 19)