Security Incidents mailing list archives

SMB overflow attacks


From: KF <dotslash () snosoft com>
Date: Mon, 26 Aug 2002 16:02:45 -0400

Does anyone have log entries from a confirmed attack based on the recent SMB overflows?

http://online.securityfocus.com/bid/5556 and
http://online.securityfocus.com/advisories/4416

I have a client with some unusual log entries related to lanman and SMB headers.... the log issues are similar to the following article:

http://support.microsoft.com/default.aspx?scid=kb;[LN];Q321733

After applying the fix mentioned in the security-focus bid the server seemed to be happy... this makes me think the reason the server was aggravated is related to a DoS attack on SMB.

I just need something solid to either trace back to an attacker or a confirmation that I was even attacked.

-KF




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

