IDS Response to Eight High-Risk Events
This article takes eight high-risk events that security monitoring currently flags as attacks on serious vulnerabilities and gives the corresponding solutions, so that the intrusion detection system (IDS) can do its job better.
1. Microsoft Windows Messenger Service Remote Heap Overflow Vulnerability
Almost all Windows operating systems are affected by this vulnerability, including Microsoft Windows XP, Windows NT, Windows ME, Windows 9X, Windows 2000 and Windows 2003. The Windows Messenger service is used to send short messages between servers and clients. The service has a heap overflow that a remote attacker could exploit to execute arbitrary commands on the target machine with SYSTEM privileges. The flaw is in the search-by-name function of the Messenger service program: submitting a specific string sequence to this function can cause a heap overflow, and carefully constructed data can lead to execution of arbitrary commands on the target machine with SYSTEM privileges. Messages reach the Messenger service through NetBIOS or RPC, so you can block them by closing the NetBIOS ports (137-139) and filtering UDP broadcast packets at the firewall.
Proposal
Temporary solution: if you cannot install the patch or upgrade immediately, the following measures are recommended to reduce the threat:
- On the border firewall or personal firewall, block untrusted hosts from accessing the NetBIOS and RPC ports 135, 137 and 139 (TCP/UDP);
- Disable the Messenger service. Open “Start” (or “Settings”), click “Control Panel”, double-click “Administrative Tools”, double-click “Services”, then locate and double-click “Messenger”. In the “Startup Type” drop-down box choose “Disabled”, then click “Stop”, then click “OK”.
Permanent solution: install the patch from security bulletin MS03-043.
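To confirm the temporary mitigation is actually holding, firewall or IDS connection logs can be checked for allowed traffic to the ports named above. The following is an added example, not part of the original article; the log format, the trusted range `10.0.0.0/8`, the local subnet and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress

# Ports from the temporary mitigation above: RPC endpoint mapper (135)
# and NetBIOS (137-139), on both TCP and UDP.
WATCHED_PORTS = {135, 137, 138, 139}

# Assumptions: trusted address space and the local subnet of the sensor.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
LOCAL_NET = ipaddress.ip_network("10.1.2.0/24")

# Constructed sample log, format: action proto src dst dport
SAMPLE_LOG = """\
allow udp 203.0.113.7 10.1.2.3 135
deny tcp 203.0.113.7 10.1.2.3 139
allow udp 10.1.2.9 10.1.2.255 137
allow tcp 10.1.2.9 10.1.2.3 445
allow tcp 198.51.100.20 10.1.2.3 80
"""


def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETS)


def is_broadcast(addr):
    ip = ipaddress.ip_address(addr)
    return ip == LOCAL_NET.broadcast_address or str(ip) == "255.255.255.255"


def audit(log_text):
    """Return (line, reason) for allowed flows the mitigation should stop."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        action, proto, src, dst, dport = fields
        if action != "allow" or proto not in ("tcp", "udp"):
            continue
        if not dport.isdigit() or int(dport) not in WATCHED_PORTS:
            continue
        if not is_trusted(src):
            findings.append((line, "untrusted host reached NetBIOS/RPC port"))
        elif proto == "udp" and is_broadcast(dst):
            findings.append((line, "UDP broadcast to NetBIOS/RPC port"))
    return findings


if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Any finding means the border or host firewall rule is missing or too permissive for that path; denied flows and other ports are ignored.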
2. Windows Exchange Server Remote Buffer Overflow Vulnerability
Windows 2000, Windows XP and Windows NT are affected by this vulnerability. Microsoft Exchange Server is a mail server program developed by Microsoft. Exchange Server 2.5 and 2000 do not adequately handle requests that use a malicious verb, and a remote attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the Exchange Server process. Exchange Server 5.5???Internet???????????????????????????????????Exchange Server??SMTP??????????????????verb???????????????????????????Internet??????????????????????????Exchange 2000 Server?????????????????????????????Exchange Server 5.5???????°??????????????????????????????Exchange Server???????????????????????
Proposal
????SMTP?????????SMTP????????
?????????????SMTP??????
?????????????SMTP???????????SMTP AUTH?????????????????????
3. Microsoft MSN Messenger????????????
Microsoft MSN Messenger Service???????????? MSN Messenger???????????????????????????????????????????????????????????????????????????????????????MSN Messenger??????????????????????????????????????????????????????????????????????????????????????????
Proposal
???????????????????????????7007??008????????????
Permanent solution: install the patch from security bulletin MS04-010.
4. Windows Help and Support Center??????????????
Windows XP, Windows 2000, Windows 2003 and Windows NT are affected by this vulnerability.
Proposal
??????????????HCP????????????HKEY_CLASSES_ROOT\HCP????????????HCP?????????
Permanent solution: install the patch from security bulletin MS03-044.
5. Netscreen???????????????
NetScreen ScreenOS????????????Netscreen?????????????????????????????????????????etscreen???SSH1 CRC32????????????????????????????????????????????etscreen?????SH??etscreen????????????SSH?????????GUI???????????SH???????????????????????????????????????????????????/?????????Netscreen????????SH??????????????????????????????ssh1??????????????????????????????????????????deattack.c??????detect_attack()??????????????6???????????????32??????????????????????????????????????????????????????????????????????????oot??????????????RC32?????????????????????????????????????????????????????etscreen?????????????????????CRC32???????????????CRC32??????????????????????°?
Proposal
?????????????????????SSH????????????
6. Microsoft Windows NtSystemDebugControl()???API????????????
Microsoft Windows XP SP1, Windows 2003????????????Microsoft Windows?????????API?????????????????????????????????????????ZwSystemDebugControl()??ntdll.dll????????Windows?????????NtSystemDebugControl()?????????ring 0????????????SeDebugPrivilege????????????????????????????????
Proposal
7. Microsoft IIS HTTP?????????????????
Windows 2000??indows XP??indows NT4.0??IS4.0/5.0????????????IIS??nternet Information Server???Microsoft Windows???????????eb????????? IIS 4.0/5.0/5.1?????TTP???????????????????????????????????????????????????????????????????°?IIS????????TTP????????????????????????????????????????????????????????????????????????????????????????????????????????IS??????HTTP?????????????????????????????????????????????????????????IIS?????????????????IS????????????IIS????????TTP?????????????????????????????????????????????????????IS??????????????SP ISAPI????????????????????????IIS????????IS 5.0/5.1?????????????????????????????????????????????????????????????????????IIS 4.0???????????????SYSTEM????????IS 5.0/5.1???????????WAM_computername?????????
Proposal
?????????????ASP???????????????.asp??????????????Internet ??????????????????????????????????????????????????? WWW ???????????????????????????????????asp?????????????????IIS?????
?????????????????????????URLScan?????????????????????????????URLScan????????URL??????ASCII???????????????????????????????????????????????????????????
Permanent solution: install the patch from security bulletin MS02-018.
8. Windows???????????????????????
Microsoft Windows Media Player 7.1, Windows Media Player XP, Windows XP, Windows NT, Windows 98 and Windows ME are affected by this vulnerability.
Windows??????????????????????????????????????????????????????????????????????????????????????nternet Explorer???MIME??????application/x-ms-wmz???????????????/layout????????????wmplayer.exe??????????????????URL???????????edia Player????????????????????????Internet???????????????????????????????????????????????????????????????Media Player????????????????????????URL?????EX?????????????????????????????RL?????????????????????????????????????????????.WMZ??????Media Player???????????????????????????????????????Content-disposition HTTP???????????????????????????????????????????????????????????????????????????????????????????????????????????TML???EMAIL??????????????????????????????
Proposal
???????????Outlook Express 6.0, Outlook 2002????????????????????HTML????????Outlook 98, 2000???????????Outlook E-mail?????????????????
Permanent solution: install the patch from security bulletin MS03-017.
