Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: compromised machines

from [soccer4net@netzero.com] Network Security [Permanent Link]
Subject: Re: compromised machines
Date: Fri, 27 Aug 2004 13:25:36 GMT 

First of all, How are these machines connected to the internet? Are using NAT 
or PAT/NAT Overloading?  Are they any services being forwarded through the 
firewall to these machines or are you allowing outbound traffic only?  

If you are allowing any inbound services on the local network, that should be 
your first place to start.  You can clean the other machines all day long and 
that first hole will allow an attacker to keep compromising them fairly easily. 
 

If you are allowing outbound only on the internal LAN, look at past emails, and 
weblogs on infected machines, they may have been compromised through client 
software.  Even with all IE patches installed there are plenty of malicious 
websites out there that can automatically infect machines browsing to them.

________________________________________________________________
The best thing to hit the Internet in years - NetZero HiSpeed!
Surf the Web up to FIVE TIMES FASTER!
Only $14.95/ month -visit www.netzero.com to sign up today!
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Bad options?, Jeffrey Denton
Next by Date:  Re: compromised machines, Brian Eckman
Previous by Thread:  Re: compromised machines, Jose Maria Lopez
Next by Thread:  Bad options?, Daniel . Ramaswami
Indexes:  [Date] [Thread] [Top] [All Lists]