WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
26 April, 2000
NetProwler 3.0 Security Update 11

Important: This security update is considered obsolete. It has been superceded by Security Update 12.

Download obsolete update now.

Description

NetProwler 3.0 Security Update 11 introduces signatures that detect the exploitation of an ftp firewall vulnerability, Microsoft SiteServer 'showcode.asp' vulnerability, and several finger attacks. This update supercedes updates 6, 7, 8, 9, and 10.

Updated/New Signatures

  • Finger_active_query_detected

    In traditional implementations of the finger service, a null finger query will report all users who have ever logged in (active accounts).

  • Finger_all_query_detected

    In traditional implementations of the finger service, this finger query will report all users with accounts on the system.

  • Finger_bomb_detected

    A finger query containing multiple redirect to a null target can cause the finger service to fire recursively, consuming significant resources.

  • Finger_null_query_detected

    In traditional implementations of the finger service, a null finger query will report all users currently logged in.

  • Finger_pipe_bug_exploit_detected

    Shell commands can be executed through old finger daemons using this finger query.

  • Finger_redirect_detected

    This feature is often used to disguise other finger queries, to finger otherwise unreachable systems, or as a denial of service. It is seldom used legitimately.

  • Finger_unused_query_detected

    In traditional implementations of the finger service, this query will report all users that have never logged in (unused accounts).

  • FTP_PASV_Firewall_Attack

    Detected an attempt to punch a hole in a stateful inspection firewall via PASV FTP error reflection.

  • SiteServer_showcode_execution_detected

    SiteServer sample showcode.asp allows remote users to view any file on the file system.

Other Included Signatures

  • HTTP_session_splicing_detected
  • Stacheldraht_activity_detected
  • Stacheldraht_agent_detected
  • Stacheldraht_handler_detected
  • TFN_activity_detected
  • TFN_daemon_detected_via_command
  • TFN_master_detected_via_command
  • TFN_shell_created
  • TFN2K_activity_detected
  • Trinoo_client_activity_detected
  • Trinoo_daemon_detected_via_HELLO
  • Trinoo_daemon_detected_via_png
  • Trinoo_daemon_detected_via_shi
  • Trinoo_daemon_suspected_due_to_incoming_command
  • Trinoo_master_detected_via_client_activity
  • Trinoo_master_detected_via_command
  • Trinoo_master_detected_via_png
  • Trinoo_master_detected_via_shi
  • Trinoo_master_suspected_due_to_incoming_HELLO
  • Whisker_style_IDS_evasion_detected

Additional Resources


Last modified on: Thursday, 27-Sep-01 11:01:11
Site Map · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements
©1995 - 2008 Symantec Corporation