Penetration Testing mailing list archives
Re: services.exe modifying synattackprotect?
From: Christophe Vandeplas <christophe () vandeplas com>
Date: Fri, 10 Dec 2010 09:36:40 +0100
On Thu, Dec 9, 2010 at 6:23 PM, <techlists () comcast net> wrote:
Why would 'C:\Windows\system32\services.exe' be trying to change the following registry key? \REGISTRY\MACHINE\SYSTEM\ControlSet\SERVICES\TCPIP\PARAMETERS\SYNATTACKPROTECT Is this an indication of an attack or a normal part of the 'services.exe' process?
Hi PG,

You should read this paper [1] to understand what the synattackprotect parameter does.

The big question is more: To what is the parameter changed? If it was changed to 0, so deactivating synattack protection, I would seriously ask myself questions. But if it was changed to 1, enabling another protection... then I'd check with my sysadmin if some Active Directory group policies were changed (manually or because of the installation of a patch).

[1] http://technet.microsoft.com/en-us/library/cc938202.aspx
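The triage described in the reply above (judge the write by the value it sets, not by the write alone), as an added example that is not part of the original thread. It assumes registry-write records shaped like Sysmon Event ID 13 (`Image`, `TargetObject`, `Details`); the sample records are constructed, and treating any nonzero value as "enabled" is an assumption, since the post only discusses 0 and 1.

```python
import re

# Constructed sample records (not from the thread). Field names and the
# "DWORD (0x...)" rendering follow Sysmon Event ID 13 and are assumptions.
TCPIP = r"\Services\Tcpip\Parameters"
EVENTS = [
    {"Image": r"C:\Windows\system32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet" + TCPIP + r"\SynAttackProtect",
     "Details": "DWORD (0x00000001)"},
    {"Image": r"C:\Windows\system32\services.exe",
     "TargetObject": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\SERVICES\TCPIP\PARAMETERS\SYNATTACKPROTECT",
     "Details": "DWORD (0x00000000)"},
    {"Image": r"C:\Windows\system32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet" + TCPIP + r"\EnableDeadGWDetect",
     "Details": "DWORD (0x00000000)"},
    {"Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet" + TCPIP + r"\SynAttackProtect",
     "Details": "(Empty)"},
]

# Matches ControlSet, CurrentControlSet and ControlSetNNN spellings of the key.
KEY_RE = re.compile(
    r"\\(?:Current)?ControlSet(?:\d{3})?\\Services\\Tcpip\\Parameters\\SynAttackProtect$",
    re.IGNORECASE)
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-fA-F]{1,8})\)")

def triage(event):
    """Return (verdict, reason), or None if the event is not a SynAttackProtect write."""
    if not KEY_RE.search(event.get("TargetObject", "")):
        return None
    writer = event.get("Image", "unknown process")
    m = DWORD_RE.fullmatch(event.get("Details", "").strip())
    if m is None:
        # The log did not capture the new value: read the key before concluding anything.
        return ("review", f"{writer}: new value not recorded, read the key directly")
    value = int(m.group(1), 16)
    if value == 0:
        return ("alert", f"{writer} set SynAttackProtect=0 (protection deactivated)")
    return ("check-policy",
            f"{writer} set SynAttackProtect={value}; confirm a group policy or patch change")

def run(events):
    """Verdicts for every SynAttackProtect write, in input order."""
    return [r[0] for r in map(triage, events) if r is not None]

if __name__ == "__main__":
    for result in filter(None, map(triage, EVENTS)):
        print(*result, sep=": ")
```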