RE: Detecting Blaster
From: David A Cavalieri (David.Cavalieri Colorado.EDU)
Date: Fri Aug 15 2003 - 12:48:38 CDT
Using NetFlow data, instead of watching all of your traffic to tcp/135
(which can be a great deal, depending on the size of your organization),
you can watch for single packets; destination tcp/135 with a size of 48
bytes. You can also look for destination UDP/69 (TFTP) packets.
Monitoring traffic on port 4444 was not as useful.
Hope this helps.
David Cavalieri
Technical Specialist
Information Technology Services
University of Colorado, Boulder
-----Original Message-----
From: Bob Sadler [mailto:bobs LEAWOOD.ORG]
Sent: Thursday, August 14, 2003 11:14 AM
To: focus-ms securityfocus.com
Subject: Detecting Blaster
I have been trying to figure out if there is a way that I can detect
signs of Blaster on a large number of machines on a network without
having to actually visit each one.
I have a port scanner (Ethereal) and have it set up to look at any frame
with destination port 135. Is there a better way to do this, or is the
way I'm trying to do this all wrong in the first place?
Bob Sadler
City of Leawood, KS, USA
WAN/Internet Specialist
913-339-6700 x194
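
The NetFlow filter described in the reply above, as an added example that is not part of the original thread: it flags sources that sent single-packet, 48-byte flows to tcp/135 and lists flows with destination udp/69. The CSV column layout, the sample records and the `min_targets` threshold are assumptions made for this illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow export (not real data).
# Assumed columns: src, dst, proto, dport, packets, bytes
SAMPLE_FLOWS = """\
10.1.4.23,10.1.9.1,tcp,135,1,48
10.1.4.23,10.1.9.2,tcp,135,1,48
10.1.4.23,10.1.9.3,tcp,135,1,48
10.1.4.23,10.1.9.4,tcp,135,1,48
10.1.7.80,10.1.2.10,tcp,135,12,3410
10.1.7.80,10.1.2.10,tcp,135,9,2280
10.1.5.5,10.1.2.10,tcp,135,1,48
10.1.9.3,10.1.4.23,udp,69,3,156
10.1.6.6,10.1.2.53,udp,53,1,71
"""

def parse_flows(text):
    """Yield (src, dst, proto, dport, packets, bytes), skipping malformed rows."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6:
            continue
        try:
            src, dst, proto = (c.strip() for c in row[:3])
            yield (src, dst, proto.lower(), *(int(c) for c in row[3:]))
        except ValueError:
            continue

def find_suspects(flows, min_targets=3):
    """Return (scanners, tftp_flows).
    scanners: {src: sorted distinct dsts} for sources with single-packet,
    48-byte tcp/135 flows to at least min_targets hosts (assumed threshold).
    tftp_flows: (src, dst) pairs for flows with destination udp/69."""
    probes = defaultdict(set)
    tftp = []
    for src, dst, proto, dport, packets, nbytes in flows:
        if proto == "tcp" and dport == 135 and packets == 1 and nbytes == 48:
            probes[src].add(dst)
        elif proto == "udp" and dport == 69:
            tftp.append((src, dst))
    scanners = {s: sorted(d) for s, d in probes.items() if len(d) >= min_targets}
    return scanners, tftp

if __name__ == "__main__":
    scanners, tftp = find_suspects(parse_flows(SAMPLE_FLOWS))
    for src, targets in scanners.items():
        print(f"{src}: {len(targets)} single-packet 48-byte probes to tcp/135")
    for src, dst in tftp:
        print(f"udp/69 flow: {src} -> {dst}")
```

Ordinary multi-packet RPC sessions to tcp/135 (10.1.7.80 in the sample) are ignored, which is what keeps the volume manageable compared with watching all port 135 traffic.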