by Javantea aka. Joel R. Voss
Analysis: Sept-Oct 2006
Write-up: Nov 9, 2006
LSASS Vulnerability Analysis
Botnets
In my previous essay on botnets, I referenced my work in May 2004 analyzing the threat posed by the LSASS vulnerability and worm. I also wrote that LSASS continues to suffer from vulnerabilities, the latest being Aug 10, 2006. I ran a honeypot quite similar to the one I ran in 2004 (updated to capture traffic) and produced the results found in the data section. As we can plainly see, worms are still exploiting these vulnerabilities.
A simple analysis of traffic captured by a honeypot on TCP ports 135, 139, and 445. These are ports normally open on Windows computers.

