[Dshield] QHOSTS-1 - DNS/Hosts file issues

Roman Fomichev from at e-solutions.lv
Fri Oct 3 05:18:32 GMT 2003


hmmmm... what about using policies on DC instead of configuring every PC? 
;)

On 02 Oct 2003 11:32:43 -0400, Alan Frayer <afrayer at frayernet.com> wrote:

> In attempting to understand this situation, I need to ask a question:
>
> On Thu, 2003-10-02 at 10:35, wbeckham wrote:
>> I got the following from TruSecure this morning.
>>
>> - WB
>>
>> ---------------------------------
>> TruSecure Radar Notice
>
> [snip]
>
>> Summary:
>> Yesterday TruSecure began to observe evidence of an active attack against
>> users of Internet Explorer 6.0. The attack comprised of a banner, hosted by
>> FortuneCity.com, which in turn used JavaScript to redirect the self-closing
>> "pop-under" banner to a site hosted by EV1.NET (Everyone's Internet.) An
>> EV1.NET site then delivered executable code which in turn invoked the HTA
>> vulnerability.
>
> Would blocking the IP address of the EV1.NET site from outbound traffic
> defeat this attack? If so, this strikes me as much more time efficient
> than visiting each PC and turning off scripting, etc.
>
> ________________________________________________________________________
> Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
> Seeking an IT Mgmt/Network Admin position in the Tampa Bay Region
> If you would like to discuss an opportunity with me, please e-mail.
>
>



-- 
Roman Fomichev

--------------------------------------------------
If you don't keep up with security fixes, your network won't be yours for long.



