Security Incidents mailing list archives
SMB overflow attacks
From: KF <dotslash () snosoft com>
Date: Mon, 26 Aug 2002 16:02:45 -0400
Does anyone have log entries from a confirmed attack based on the recent SMB overflows?
http://online.securityfocus.com/bid/5556 and http://online.securityfocus.com/advisories/4416I have a client with some unusual log entries related to lanman and SMB headers.... the log issues are similar to the following article:
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q321733After applying the fix mentioned in the security-focus bid the server seemed to be happy... this makes me think the reason the server
was arrgivated is related to a DoS attack on SMB.I just need something solid to either trace back to an attacker or a confirmation that I was even attacked.
-KF ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- SMB overflow attacks KF (Aug 26)