Monday, July 12, 2010

IDS Responses to Eight High-Risk Events


For eight high-risk events, drawn from the more serious vulnerabilities that currently exist and the abnormal attacks seen in security monitoring, the author gives corresponding solutions so that the intrusion detection system (IDS) can play its role better.

1. Microsoft Windows Messenger Service Remote Heap Overflow Vulnerability

Microsoft Windows XP, Windows NT, Windows ME, Windows 9X, Windows 2000, Windows 2003 and almost all other Windows operating systems are affected by this vulnerability. The Windows Messenger service is used by servers and clients to send each other short messages. The Messenger service has a heap overflow: a remote attacker could exploit it to execute arbitrary commands on the target machine with SYSTEM privileges. The problem lies in the Messenger service's search-by-name function; submitting a specific sequence of strings to this function can cause a heap overflow, and carefully constructed data may allow arbitrary commands to be executed on the target machine with SYSTEM privileges. Messages are submitted to the Messenger service over NetBIOS or RPC, so such messages can be blocked by closing the NetBIOS ports (137-139) and using a firewall to filter UDP broadcast packets.

Proposal

Temporary solution: if you cannot install the patch or upgrade immediately, the following measures are recommended to reduce the threat:

● At the border firewall or personal firewall, prohibit untrusted hosts from accessing the NetBIOS and RPC ports 135, 137 and 139 (TCP/UDP);

● Disable the Messenger service. Open "Start" (or open "Settings"), click "Control Panel", double-click "Administrative Tools", double-click "Services", locate and double-click "Messenger", choose "Disabled" in the "Startup type" drop-down box, click "Stop", then click "OK".

Permanent solution: apply the patch for security bulletin MS03-043.

2. Windows Exchange Server Remote Buffer Overflow Vulnerability

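Windows 2000, Windows XP and Windows NT are affected by this vulnerability. Microsoft Exchange Server is a mail server program developed by Microsoft. Exchange Server 2.5 and 2000 do not adequately handle malicious verb requests, and a remote attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the Exchange Server process. In Exchange Server 5.5, a security issue in the Internet Mail Service allows an unauthenticated user to connect to the Exchange Server SMTP port and send a specially constructed extended verb request, which causes a very large block of memory to be allocated; this may shut down the Internet Mail Service or make the service stop responding. The same issue exists in Exchange 2000 Server, where such a request can cause a denial of service similar to that in Exchange Server 5.5. In addition, if the attacker carefully constructs the submitted data, arbitrary instructions may be executed on the system with the privileges of the Exchange Server process.
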
Proposal

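Temporary solution:

● Use SMTP protocol inspection to filter SMTP protocol extensions;

● Use a firewall to restrict the use of SMTP;

● Accept only authenticated SMTP sessions, using the SMTP AUTH command to restrict the server to authenticated sessions.

Permanent solution: apply the system patch.
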
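The SMTP-side measures above (filter protocol extensions, accept only authenticated sessions) can be written as a small inline policy check. This is an added example, not code from the original article or from Microsoft; the verb `XEXAMPLE`, the host names and both sample sessions are constructed placeholders.

```python
# Added example (not from the article): inline SMTP policy check.
# XEXAMPLE is a constructed placeholder for a non-standard extended verb.
PRE_AUTH = {"HELO", "EHLO", "AUTH", "NOOP", "RSET", "QUIT"}
POST_AUTH = PRE_AUTH | {"MAIL", "RCPT", "DATA"}

def inspect_session(lines):
    """lines: [(direction, text)], "C" = client, "S" = server.
    Returns [(index, verb, reason)] for each client command to reject."""
    state, authenticated, findings = "cmd", False, []
    for i, (direction, text) in enumerate(lines):
        if direction == "S":
            code = text[:3]
            if state == "auth" and code != "334":   # 334 = exchange continues
                authenticated = authenticated or code == "235"
                state = "cmd"
            elif state == "data_wait":
                state = "data" if code == "354" else "cmd"
            continue
        if state == "data":                         # message body, not commands
            if text == ".":
                state = "cmd"
            continue
        if state == "auth":                         # credential lines
            continue
        verb = text.split(" ", 1)[0].upper()
        if not authenticated and verb not in PRE_AUTH:
            findings.append((i, verb, "not authenticated"))
        elif verb not in POST_AUTH:
            findings.append((i, verb, "extension verb"))
        elif verb == "AUTH":
            state = "auth"
        elif verb == "DATA":
            state = "data_wait"
    return findings

# Constructed sessions, reduced to the lines that drive the state machine.
UNAUTHENTICATED = [("C", "EHLO client.example.test"), ("C", "XEXAMPLE 10 2"),
                   ("C", "MAIL FROM:<a@example.test>"), ("C", "QUIT")]
AUTHENTICATED = [("C", "EHLO client.example.test"), ("C", "AUTH PLAIN AHVzZXIAcGFzcw=="),
                 ("S", "235 2.7.0 Authentication successful"),
                 ("C", "MAIL FROM:<a@example.test>"), ("C", "DATA"),
                 ("S", "354 Start mail input"), ("C", "XEXAMPLE in the body"),
                 ("C", "."), ("C", "XEXAMPLE 10 2"), ("C", "QUIT")]

if __name__ == "__main__":
    for name, s in (("unauthenticated", UNAUTHENTICATED), ("authenticated", AUTHENTICATED)):
        print(name, inspect_session(s))
```

The message body line that merely contains the placeholder verb is not flagged, because the check tracks the DATA phase instead of matching strings.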
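
3. Microsoft MSN Messenger Remote Information Disclosure Vulnerability

Microsoft MSN Messenger Service is affected by this vulnerability. MSN Messenger has a security issue in how it handles file requests, and a remote attacker can exploit this vulnerability to obtain the contents of files on the system. An attacker can trigger the vulnerability by sending a specially constructed file request to a user running MSN Messenger; on success, the attacker can view the contents of files on the hard disk without the user's knowledge. The attacker must, however, know the location of the file on the system.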

Proposal

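Temporary solution: use a firewall to filter ports 7007 and 7008 to reduce the threat.

Permanent solution: apply the patch for security bulletin MS04-010.

4. Windows Help and Support Center Remote Buffer Overflow Vulnerability

Windows XP, Windows 2000, Windows 2003 and Windows NT are affected by this vulnerability.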

Proposal

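Temporary solution: unregister the HCP protocol. Deleting the HKEY_CLASSES_ROOT\HCP registry key unregisters the HCP protocol.

Permanent solution: apply the patch for Microsoft bulletin MS03-044.

5. Netscreen Remote Denial of Service Vulnerability

NetScreen ScreenOS is affected by this vulnerability. Netscreen is a firewall security solution that provides wire-speed packet processing. Netscreen has an SSH1 CRC32-related issue that a remote attacker can exploit to carry out a denial-of-service attack. By default Netscreen does not enable SSH, and Netscreen does not encourage customers to use the SSH service, but the SSH service can be enabled in the GUI. The service is only opened on trusted interfaces unless rules are added to forward traffic to other interfaces/ports. If this SSH service is enabled on the Netscreen device, the conditions for a denial-of-service attack exist. A piece of code shipped in newer versions of the ssh1 daemon contains an integer overflow. The problem is in deattack.c: the detect_attack() function mistakenly uses a 16-bit unsigned variable as if it were a 32-bit variable, which leads to a table index overflow. This allows an attacker to overwrite the contents of arbitrary locations in memory, and the attacker may obtain root privileges remotely. Attack code for any of the related CRC32 vulnerabilities can crash the device, which must be restarted before it functions normally again. Netscreen's response states that this denial of service is not caused by the CRC32 vulnerability, although attack code for the CRC32 vulnerability can cause the denial of service.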

Proposal

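Temporary solution: do not use the SSH service for the time being, to reduce the threat.

Permanent solution: watch the software vendor's home page for the latest version.

6. Microsoft Windows NtSystemDebugControl() Kernel API Function Privilege Escalation Vulnerability

Microsoft Windows XP SP1 and Windows 2003 are affected by this vulnerability. A kernel API function of the Microsoft Windows operating system has a security issue that a local attacker can exploit to escalate privileges. ZwSystemDebugControl() is exported from ntdll.dll and calls the Windows operating system function NtSystemDebugControl(), which executes in ring 0 mode; a debugger holding SeDebugPrivilege can use this function to escalate privileges.
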
Proposal

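Temporary solution: remove the debug privilege from all users/groups to reduce the threat.

Permanent solution: watch the vendor's home page for the latest version.

7. Microsoft IIS HTTP Header Handling Buffer Overflow Vulnerability

Windows 2000, Windows XP, Windows NT4.0 and IIS4.0/5.0 are affected by this vulnerability. IIS (Internet Information Server) is the web server software that ships by default with Microsoft Windows. IIS 4.0/5.0/5.1 has a remote buffer overflow in the code that handles HTTP header information; a remote attacker can exploit it to execute commands remotely or cause a denial of service. When IIS receives an HTTP request it first analyses it, using delimiters to tell the different fields apart and saving the contents of each field into a buffer of appropriate size. To make sure that the expected delimiters exist and are in reasonable positions, IIS performs a safety check while parsing the fields of the HTTP header. By exploiting this vulnerability, however, an attacker may be able to deceive the check and make IIS believe that the delimiters really are present; IIS may then save HTTP header field data longer than it expects into a buffer, causing a buffer overflow. To exploit this vulnerability, the target IIS server must allow the use of ASP ISAPI. If the attacker uses random data, the IIS service may crash (IIS 5.0/5.1 restarts automatically). If the data sent is carefully constructed, the attacker may also be able to execute arbitrary code. On successful exploitation, a remote attacker obtains SYSTEM privileges on IIS 4.0, and the privileges of the IWAM_computername user on IIS 5.0/5.1.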

Proposal

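Temporary solution:

● If ASP scripts are not needed, remove the ".asp" script mapping immediately: open Internet Services Manager, right-click the server, choose "Properties" from the menu, select "Master Properties", select WWW Service → Edit → Home Directory → Configuration, delete the ".asp" entry from the list of extensions, save the settings, and then restart the IIS service.

● URLScan, a security tool provided by Microsoft, can be used to restrict an attacker's ability to execute commands remotely through this vulnerability. By default URLScan does not allow URLs to contain non-ASCII characters, which effectively makes the attack harder. It does not, however, prevent an attacker from carrying out a denial-of-service attack.

Permanent solution: install the patch for Microsoft security bulletin MS02-018.

8. Windows Media Player Skin Download Code Execution Vulnerability

Microsoft Windows Media Player 7.1, Windows Media Player XP, Windows XP, Windows NT, Windows 98, Windows ME and other systems are all affected by this vulnerability.

Windows Media Player has a problem in how it handles downloaded skin files: a remote attacker can exploit this vulnerability through a malicious page to upload arbitrary files to any location on the target system. When Internet Explorer encounters a document with the MIME type "application/x-ms-wmz", it starts wmplayer.exe with the "/layout" command-line option to instruct Media Player to download the skin file from the specified URL into Media Player's skin file directory. To prevent some Internet-based attacks, the program uses a random element in the download path, so that the name of the downloaded skin file cannot be guessed by an attacker. Media Player has a flaw: the mechanism described above can be bypassed by using a hex-encoded backslash in the URL, so if an attacker can specify a malicious URL and lure the user into visiting it, the download folder can be chosen. If the file name does not end in ".WMZ", Media Player normally appends that extension to the file, but when the Content-disposition HTTP header field is used in a special way this restriction can be bypassed and the extension chosen freely. By combining these two issues, an attacker can place an arbitrary file anywhere on the target user's system. The attacker can use a malicious page or a malicious HTML e-mail to lure the user into visiting it, downloading the skin file and triggering the vulnerability.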

Proposal

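Temporary solution: Outlook Express 6.0 and Outlook 2002 open HTML mail in the Restricted Sites zone by default; users of Outlook 98 and 2000 need the Outlook E-mail Security Update to correct this vulnerability.

Permanent solution: install the patch for Microsoft security bulletin MS03-017.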
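
Detection logic for the two conditions described in this item: a backslash (plain or hex-encoded) in the URL of a skin download, and a Content-Disposition file name that does not end in .wmz. This is an added example, not part of the original article; the function name, host names and sample responses are constructed.

```python
import re

WMZ_MIME = "application/x-ms-wmz"
BACKSLASH = re.compile(r"%(25)*5c|\\", re.I)            # \, %5c, %255c ...
CD_NAME = re.compile(r'filename\*?\s*=\s*"?([^";]+)', re.I)

def check_skin_download(url, headers):
    """Return the reasons an HTTP response that delivers a skin looks abnormal."""
    h = {k.lower(): v for k, v in headers.items()}
    mime = h.get("content-type", "").split(";")[0].strip().lower()
    if mime != WMZ_MIME:
        return []                                        # not a skin download
    reasons = []
    if BACKSLASH.search(url):
        reasons.append("backslash in download URL")
    m = CD_NAME.search(h.get("content-disposition", ""))
    if m:
        name = m.group(1).strip()
        if not name.lower().endswith(".wmz"):
            reasons.append("Content-Disposition name is not .wmz")
        if re.search(r"[\\/]", name):
            reasons.append("path separator in Content-Disposition name")
    return reasons

# Constructed HTTP transactions: (request URL, response headers).
SAMPLES = [
    ("http://skins.example.test/themes/blue.wmz",
     {"Content-Type": "application/x-ms-wmz"}),
    ("http://skins.example.test/themes%5Cblue.wmz",
     {"Content-Type": "application/x-ms-wmz"}),
    ("http://skins.example.test/themes/blue.wmz",
     {"Content-Type": "Application/X-MS-WMZ",
      "Content-Disposition": 'attachment; filename="notes.txt"'}),
    ("http://www.example.test/a%5Cb.html", {"Content-Type": "text/html"}),
]

if __name__ == "__main__":
    for url, hdrs in SAMPLES:
        print(url, check_skin_download(url, hdrs))
```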





