Full Disclosure mailing list archives
SMB overflow attacks
From: full-disclosure () lists netsys com (KF)
Date: Mon, 26 Aug 2002 16:02:45 -0400
Does anyone have log entries from a confirmed attack based on the recent SMB overflows? http://online.securityfocus.com/bid/5556 and http://online.securityfocus.com/advisories/4416 I have a client with some unusual log entries related to lanman and SMB headers.... the log issues are similar to the following article: http://support.microsoft.com/default.aspx?scid=kb;[LN];Q321733 After applying the fix mentioned in the security-focus bid the server seemed to be happy... this makes me think the reason the server was arrgivated is related to a DoS attack on SMB. I just need something solid to either trace back to an attacker or a confirmation that I was even attacked. -KF
Current thread:
- SMB overflow attacks KF (Aug 26)
- RE: SMB overflow attacks Jason Coombs (Aug 26)
- RE: SMB overflow attacks John Schutz (Aug 27)
- RE: SMB overflow attacks Nick FitzGerald (Aug 27)
- RE: SMB overflow attacks John Schutz (Aug 27)
- SecurityFocus Website Ken Pfeil (Aug 30)
- <Possible follow-ups>
- RE: SMB overflow attacks Peter Gutmann (Aug 26)
- RE: SMB overflow attacks Jason Coombs (Aug 26)