-
October 14th, 2004, 10:08 PM
#1
Junior Member
LSASS buffer overflow
I've done some research and determined that this is the problem that has been raping my computer. Although I don't think the attacker has done anything malicious (besides causing a system reboot every ten minutes), I'm getting the patches and following all the recommendations that I read on various websites, but I can't help but wonder if the attacker received any kind of personal or sensitive information. Can anyone help? And not surprisingly, the Microsoft firewall didn't pick it up, so I put Zone Alarm on. I'll give a couple of links if you all want a good read. I'm using Win XP Pro.
link
http://www.eeye.com/html/Research/Ad...20040413C.html
http://securityresponse.symantec.com...ent/10108.html
http://vil.nai.com/vil/content/v_125007.htm
Stay away from my friends, they're smooth operators lookin for a way in.
-
October 14th, 2004, 10:23 PM
#2
Hi
Thanks to NeuTron, I had a real good read[1] today about your topic.
The Microsoft Firewall does log what you tell it to log.
A log reader can be found here [2].
Zone Alarm does not just give you better information.
Especially, you should use windump[3] (or similar stuff) to check in detail what the attacker has received. However, now it is too late anyway.
But maybe next time you will be well prepared
(sorry, should not be sarcastic)
[1] http://www.giac.org/practical/GCIH/S...nnedy_GCIH.pdf
[2] http://www.winxpcentral.com/windowsxp/fwlog.php
[3] http://windump.polito.it/install/default.htm
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
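An added example, not part of any post in this thread: one way to read the Windows Firewall log mentioned in post #2 and separate allowed from dropped inbound TCP connections. It assumes the log's W3C-style `#Fields:` header; the function names, the sample lines, the addresses and the choice of watched ports (445 and 139, the SMB ports through which the LSASS service is reachable) are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample in the firewall log's layout; the addresses are from
# documentation ranges and do not come from the thread.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2004-10-14 21:40:02 DROP TCP 198.51.100.7 192.0.2.10 3912 445 48 S 1234567 0 64240 - - - RECEIVE
2004-10-14 21:41:15 OPEN TCP 192.0.2.10 203.0.113.5 1055 80 - - - - - - - - -
2004-10-14 21:52:44 OPEN TCP 198.51.100.23 192.0.2.10 4471 445 - - - - - - - - -
2004-10-14 21:53:01 DROP UDP 198.51.100.9 192.0.2.10 1026 1434 404 - - - - - - - RECEIVE
"""

WATCH_PORTS = {445, 139}  # assumption: SMB/NetBIOS session ports


def parse_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= 8:  # skip truncated lines
                yield dict(zip(fields, values))


def inbound_tcp(text, local_ip):
    """Return (allowed, dropped) Counters keyed by (src-ip, dst-port)."""
    allowed, dropped = Counter(), Counter()
    for e in parse_log(text):
        if e["protocol"] != "TCP" or e["dst-ip"] != local_ip:
            continue  # only TCP aimed at this machine
        if not e["dst-port"].isdigit() or int(e["dst-port"]) not in WATCH_PORTS:
            continue
        key = (e["src-ip"], int(e["dst-port"]))
        if e["action"] == "DROP":
            dropped[key] += 1
        elif e["action"].startswith("OPEN"):
            allowed[key] += 1  # connection was let through: check patch level
    return allowed, dropped

if __name__ == "__main__":
    allowed, dropped = inbound_tcp(SAMPLE_LOG, "192.0.2.10")
    print("allowed:", dict(allowed))
    print("dropped:", dict(dropped))
```

The firewall only writes these entries when logging of dropped packets and successful connections is switched on, which is the point made in post #2.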
-
October 14th, 2004, 10:23 PM
#3
Er...... Patching might help..... This was addressed in 04-11.....
Issued: April 13, 2004
Updated: August 10, 2004
Version: 2.1
Then again a firewall would have prevented it..... Actually, it would have stopped it dead.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
October 15th, 2004, 07:13 AM
#4
Junior Member
Thanks for the replies. Actually, tiger shark, I'm using my laptop and it had never been connected to the internet before. So I plugged it in, dialed away, and not fifteen minutes later the buffer overflow occurred. Now I do have Zone Alarm and closed just about every port I don't need. I also patched up my laptop. I'll just have to add this to my "lessons learned the hard way" list.
Stay away from my friends, they're smooth operators lookin for a way in.
-
October 15th, 2004, 07:37 AM
#5
Member
Wow, does this sound familiar. A few months ago I had a similar problem. I re-installed XP on my laptop and took a quick trip to the library (I was offline at the time). While there I decided to slip in my wireless card (I didn't know if the library had wireless at that time), and it instantly put me online. So I was just pissing around online and within 5 minutes of being online I was infected by Blaster.
So after this I picked up Zone Alarm and NAV2k4. This made it possible for me to actually patch my laptop before getting infected.
Now, I have official Microsoft update CDs (SP1a and SP2). But more importantly I have slipstreamed SP2 into an XP install CD, and it also installs a bunch of drivers and programs. If you also want to set up an XP CD like this, here's a great guide:
http://unattended.msfn.org/
You are so bored that you are reading my signature?