Security Incidents mailing list archives

RE: Problems with modem hanging up after an intrusion


From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Thu, 8 Nov 2001 15:39:15 -0500

For starters, I'm not sure how you define a "little" intrusion.  That sounds
fishy.  And you haven't given much information about the modem/RRAS
configuration, so this is a shot in the dark, but...

The obvious assumption would be that some activity on the server itself is
keeping the connection open.  Some things to try:

- Monitor system processes, preferably checking the process list against
that of an identical machine in a known good state

- Run something like FPort to find out what processes are attaching to the
network

- Check properties (checksums, ideally) of your system files

- Set up a sniffer and watch, watch, watch...

There's a pretty good chance that one of the four of these things will tell
you what's happening on your system.  The first is tough if you don't have a
spare box and a good deal of time.  The second and third can be done
relatively easily with free tools (FSS comes to mind for file
comparison--fast and dirty, and it works).  And the fourth will tell you
100% if there is traffic being generated, or if something on the system
itself is causing the modem to remain connected.

Cheers

Keith W. McCammon



-----Original Message-----
From: Progenit Service S.r.l. [mailto:agente_progenit () public iunet it]
Sent: Tuesday, November 06, 2001 3:18 AM
To: incidents () securityfocus com
Subject: Problems with modem hanging up after an intrusion


Hi all,

recently I have had a "little" intrusion across a DSL connection on my NT
Server (SP4 along with Backoffice SBS 4.5) that my firewall hasn't seen
(I've already updated the policies...). After that, all the clients have
many problems hanging up a connection using a shared modem installed on the
NT server platform.
I've already checked all services and their configurations (not yet the
registry...).

Any suggestions would be much appreciated..

Thanks


Giancarlo
Technical Support
P. S.
Florence


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
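
The first and third checks suggested in the reply above (process list against a known-good machine, checksums of system files) both reduce to diffing a snapshot against a baseline. The following is an added example, not part of the original post or any tool it names; the function names and the sample process names are constructed for illustration.

```python
import hashlib
import sys
from pathlib import Path


def hash_tree(root):
    """Map each file under root (relative, lower-cased path) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        # Lower-case the key: Windows file systems are case-insensitive,
        # so "Foo.DLL" on one box and "foo.dll" on the other are the same file.
        manifest[path.relative_to(root).as_posix().lower()] = digest.hexdigest()
    return manifest


def diff_manifests(baseline, current):
    """Files added, removed or changed relative to the known-good baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in shared if baseline[k] != current[k]),
    }


def diff_processes(baseline, current):
    """Compare process image names case-insensitively."""
    base = {name.lower() for name in baseline}
    cur = {name.lower() for name in current}
    return {"unexpected": sorted(cur - base), "missing": sorted(base - cur)}


if __name__ == "__main__":
    # Constructed sample: process names captured on the two machines.
    known_good = ["System", "services.exe", "rasman.exe"]
    suspect = ["SYSTEM", "services.exe", "helper.exe"]
    print(diff_processes(known_good, suspect))
    # Usage: script.py <known-good system dir copy> <suspect system dir copy>
    if len(sys.argv) == 3:
        print(diff_manifests(hash_tree(sys.argv[1]), hash_tree(sys.argv[2])))
```

Build the baseline manifest on the known-good machine and keep it off the suspect host, since anything stored on a compromised system can be altered along with the files it describes.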
