Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISSForum] Getting more detail from BOEP Alerts.

from [Clemens, Dan] Network Security [Permanent Link]
Subject: [ISSForum] Getting more detail from BOEP Alerts.
Date: Fri, 26 Jan 2007 07:23:57 -0600 

I have been watching our boep alerts rise as we deployed proventia into
the field the last few weeks.

Does anyone know of a way to get more detail of what the boep actually
triggered upon?
Most of the time the boep alert will simply state the Target Username
affected along with a Device Payload ID which looks something like
'10000085869291'.

It would be great if anyone knows of ways to somehow see mini stack
dumps on what is getting triggered on, or if its simply doing a canary
type watch on the stack...or basically any more info would be great.


-Daniel 
-----------------------------------------
Confidentiality Notice: This e-mail communication and any
attachments may contain confidential and privileged information for
the use of the designated recipients named above. If you are not
the intended recipient, you are hereby notified that you have
received this communication in error and that any review,
disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in
error, please notify me immediately by replying to this message and
deleting it from your computer. Thank you.


_______________________________________________
ISSForum mailing list
ISSForum@atla-mm1.iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISSForum] Getting more detail from BOEP Alerts., Clemens, Dan <=
Previous by Date:  Re: [ISSForum] opensignature (trons) blocking, Marko Ivanusa
Next by Date:  [ISSForum] MSRPC_SuspiciousEncryption events, Soldatov, Sergey V.
Previous by Thread:  [ISSForum] Manual upgrade, Carlos Arturo Castro Garcia
Next by Thread:  [ISSForum] MSRPC_SuspiciousEncryption events, Soldatov, Sergey V.
Indexes:  [Date] [Thread] [Top] [All Lists]