Results 1 to 5 of 5

Thread: LSASS buffer overflow

  1. #1
    Junior Member
    Join Date
    Aug 2003

    LSASS buffer overflow

    ive done some research, determined that this is the problem that has been raping my computer. Although I dont think the attacker has done anything mailicious (besides causing a system reboot every ten minutes ) im getting the patches, following all the reccomendations that i read on various websites, but i cant help but think if the attacker received any kind of personal or sensitive information. can anyone help? and not surprisingly, the microsoft firewall didnt pick it up so i put zone alarm on. ill give a couple links if you all want a good read. im using win xp pro.


    Stay away from my friends, they\'re smooth operators lookin for a way in.

  2. #2
    Senior Member
    Join Date
    Mar 2004

    Thanks to NeuTron I had today a real good read[1]
    about the your topic.

    The Microsoft Firewall does log what you tell him to log.
    A log reader can be found here [2].
    Zone Alarm does not just give you better information.
    Especially you should use windump[3] (or similar stuff) to
    check in detail what the attacker has received - however,
    now it is too late anyway

    But maybe for next time, you will be well prepared
    (sorry, should not be sarcastic )

    [1] http://www.giac.org/practical/GCIH/S...nnedy_GCIH.pdf
    [2] http://www.winxpcentral.com/windowsxp/fwlog.php
    [3] http://windump.polito.it/install/default.htm
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Er...... Patching might help..... This was addressed in 04-11.....

    Issued: April 13, 2004
    Updated: August 10, 2004
    Version: 2.1
    Then again a firewall would have prevented it..... Actually, it would have stopped it dead.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Junior Member
    Join Date
    Aug 2003
    thanks for the replies. actually tiger shark, im using my laptop and it had never been connected to the internet before. so i plugged it in, dialed away, and not fifteen minutes later the buffer overflow occured. now i do have zone alarm and closed just about every port i dont need. i also patched up my laptop. ill just have to add this to my lessons learned the hard way list
    Stay away from my friends, they\'re smooth operators lookin for a way in.

  5. #5
    Wow, does this sound familiar. A few months ago I had a similar problem. I re-installed xp on my laptop and took a quick trip to the library (I was offline at the time). While there i deceided to slip in my wireless card (i didn't know if the library had wireless at that time), and it instantly put me online. So I was just pissing around online and within 5 minutes of being online I was infected by blaster.

    So after this I picked up zone alarm and NAV2k4. This made it possible for me to actually patch my laptop before getting infected.

    Now, I have official microsoft update CDs (sp1a and sp2). But more importantly I have slip streamed sp2 into an XP install CD, and it also installs a bunch of drivers and programs. If you want to also setup an xp cd like this, here's a great guide:
    You are so bored that you are reading my signature?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts