Security Incidents mailing list archives
Re: compromised machines
From: "soccer4net () netzero com" <soccer4net () netzero com>
Date: Fri, 27 Aug 2004 13:25:36 GMT
First of all, how are these machines connected to the internet? Are you using NAT or PAT/NAT overloading? Are there any services being forwarded through the firewall to these machines, or are you allowing outbound traffic only? If you are allowing any inbound services on the local network, that should be your first place to start. You can clean the other machines all day long and that first hole will allow an attacker to keep compromising them fairly easily.

If you are allowing outbound only on the internal LAN, look at past emails and weblogs on infected machines; they may have been compromised through client software. Even with all IE patches installed, there are plenty of malicious websites out there that can automatically infect machines browsing to them.