Educause Security Discussion mailing list archives
Re: Domain Controller Attacks
From: "Wayne J. Hauber" <wjhauber () IASTATE EDU>
Date: Fri, 14 Oct 2005 10:49:54 -0500
At 10:38 AM 10/14/2005, Dave Monnier, IT Security Office, Indiana University wrote:
Wayne Bullock wrote:
> Working with Security, they believe it's some type of virus that
> appears to be going around on students' machines. Is anyone else seeing
> this?

This is fairly common. Some code tries to exploit other code, other code tries to exploit poor passwords. Could be most anything.
We had all of our school's AD domain controllers under attack this week. It may not be your attacker. Ours was a password attack like yours, though. We found four systems running some sort of bot. They also had an ftp server with the banner "220 Reptile is ready to serve". We found a couple of command and control systems that we've blocked. At least at our school, we are seeing bots in a common botnet.
Cheers,
-Dave
--
Dave Monnier - dmonnier () iu edu - http://mypage.iu.edu/~dmonnier/
Lead Security Engineer, Information Technology Security Office
Office of the VP for Information Technology, Indiana University
Wayne Hauber (515) 294-9890
Information Technology Services
IT Security and Policies
109 Durham Center, ISU, Ames, Iowa 50011
wjhauber () iastate edu