Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > invades the examination > Content
Hot Articles
ForensicSIM Toolkit gets
Serv-U bounce attack and
To the Image File Execut
Based on CallStack count
To a some music website
How to use double WAN ro
pcshare official net exa
Security precious book m
Honey jar and honey net
The invasion examination
pcshare official net exa
Tomcat invasion examinat
Bypasses the CallStack f
Ten big invasion examina
The network invasion exa
Recommend Articles
Only opens 80 port's saf
Bypasses the web key wor
Bypasses the CallStack f
Security precious book m
Based on CallStack count
pcshare official net exa
SQL Server SA idle talk
Honey jar and honey net
The invasion examines th
Four next generation inv
An accidental invasion e
The invasion examines (I
How to use IDS to invade
The invasion examination
A winding safe examinati
New Articles
TEA guidelines for risk
Training for medical per
JSIC Security Forum 2001
SITO includes E-Learning
The rationale for choosi
Drink and drug driving c
BTEC is Tavcom Training
International trade issu
1 in 5 companies is unli
New compact PD-350 for F
sharp rise in prices of
Passfaces strong authent
T3i teams with Passfaces
Comodo Two Factor Authen
Comfortable two-factor a
Ten big invasion examination system and handling countermeasure(3)
  Add date: 10/07/2008   Publishing date: 10/07/2008   Hits: 4
Total 3 pages, Current page:3, Jump to page:
 


  [countermeasure]

  Pays attention the further activity which closely the attack originates, if thought that has the necessity to block it visit to server's connection.

  Event 9 POP3 service receive suspicious virus mail

  Current through the mail dissemination's virus, the worm is day by day popular, some mail virus has the appendix which through the transmission may carry out to lure the user click execution to disseminate, the common viral appendix name suffix includes: .pif, .scr, .bat, .cmd, .com, have these suffix filename appendix mail usually are camouflage the ordinary mail the viral mail.

  The mail virus infection main engine later usually other user mail address transmission same virus mail which preserved to the mail client side software will expand the infection surface.

  This event expressed that IDS will examine receives the belt suspicious virus appendix mail the operation, the mail receive will possibly infect some kind of mail virus, needs to process immediately.

  [countermeasure]

  1st, the notice isolation inspection transmission virus mail's main engine, the use kills the poisonous software to kill the virus which on the system infects.

  2nd, installs the viral mail filtration software on the server, before user receive kills it.

  Event 10 Microsoft Windows LSA serves the long-distance buffer overflow attack

  Microsoft Windows LSA is the local security authorization service (LSASRV.DLL).

  LSASS the DCE/RPC terminal derives the Microsoft activity directory services have a buffer overflow, the long-distance aggressor may use this crack to carry out the random order by the SYSTEM jurisdiction on the system.

  [countermeasure]

  1st, temporary processing method: Uses the firewall for the UDP port 135, 137, 138, 445 and the TCP port 135, 139, 445, 593 carries on the filtration.

  2nd, has the system patch, the promotion.


 
Other pages: : <<Prev * 1 * 2 * 3
Prev:Five big most famous invasion examination system overall analysis (chart) Next:Ten big invasion examination system high risk event and handling countermeasure

Comment:

Category: Home > invades the examination
Home