
SANS ISC: more https scanning reports - SANS Internet Storm Center SANS ISC InfoSec Forums

More HTTPS Scanning Reports

We received more packet captures showing scans for the SSL-PCT
exploit. It still appears that the THC exploit is being used, with additional
code downloaded to the affected systems via TFTP.

Problems With MS04-022

One reader reported problems installing MS04-022. This is of particular
interest because an exploit for this vulnerability is already public. As
usual, we advise testing patches carefully. The report we received
indicates that tasks scheduled with the Task Scheduler no longer
executed. A sample error message:

0x8004130f: No account information could be found in the Task Scheduler security database for the task indicated.

Port 2003

A possible command channel / remote shell has been found on port 2003 in a
specific network. No widespread use of this port has been registered.

Host Based IDS for Windows

Users frequently ask how to make sure that a system has not been compromised,
or how to determine the full scope of a compromise. Host-based intrusion
detection systems are a good way to detect altered binaries. For Linux, a
wide range of free and commercial systems exist (AIDE, tripwire, SNARE), which
catalog system files and save cryptographically secured checksums. We
would like to hear what users recommend for Windows systems.

(Update: A few users commented that GFI LANguard is available for Windows.)
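
An added example (not from the original diary, and not the code of any tool named above) of the approach this section describes: catalog files with SHA-256 checksums and seal the catalog with an HMAC so the checksum list itself cannot be silently rewritten. The function names, key and sample files are constructed for illustration, and it assumes the HMAC key is stored away from the monitored host.

```python
import hashlib
import hmac
import json
import os
import tempfile

def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def catalog(root):
    """Map each file's path (relative to root) to its SHA-256."""
    return {os.path.relpath(os.path.join(d, n), root): hash_file(os.path.join(d, n))
            for d, _dirs, names in os.walk(root) for n in names}

def seal(files, key):
    """HMAC over the catalog, so the checksum list itself cannot be rewritten."""
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(root, files, tag, key):
    """Return (modified, missing, added); raise if the catalog was altered."""
    if not hmac.compare_digest(seal(files, key), tag):
        raise ValueError("catalog HMAC mismatch")
    now = catalog(root)
    modified = sorted(p for p in files if p in now and now[p] != files[p])
    missing = sorted(p for p in files if p not in now)
    added = sorted(p for p in now if p not in files)
    return modified, missing, added

def demo():
    """Constructed sample tree: catalog it, alter it, then verify."""
    key = b"constructed-demo-key"  # assumption: real key is kept off the host
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        write("cmd.exe", b"original")
        write("net.exe", b"net")
        files = catalog(root)
        tag = seal(files, key)
        write("cmd.exe", b"altered")   # changed binary
        write("extra.exe", b"new")     # file not in the catalog
        os.remove(os.path.join(root, "net.exe"))
        return verify(root, files, tag, key)
```

A checksum list stored unprotected on the same host can be updated along with the binaries; the keyed seal is what makes a mismatch between catalog and disk trustworthy.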

Johannes Ullrich, jullrich _AT_ sans.org


Jul 19th 2004
