Jaime Blasco Blog

I've just update the public CVS with some new directives as part of the effort we are doing to improve the upcoming installer:

Possible Successful Attack: Reverse Shell Access to the System

Possible POP3 Bruteforce against SRC_IP

Possible FTP Bruteforce against SRC_IP

Command execution against webserver on DST_IP

File /etc/passwd access on DST_IP

Possible SQL injection attempt against DST_IP

Possible attack against DST_IP (Symantec Remote Management RTVScan Exploit)

Possible sa account bruteforce against SRC_IP (SQL Server)

Possible VNC bruteforce against SRC_IP

Possible attack against DST_IP (Microsoft Server Service related attack)

Too many Cisco Firewall dropped events with destination DST_IP

Possible Worm Infection against DST_IP

Possible Worm Infection against DST_IP via DCOM RPC vulnerability

Possible Worm Infection against DST_IP via Kill-Bill ASN1 vulnerability

Possible Worm Infection against DST_IP via Lsasrv.dll RPC vulnerability

Possible Worm Infection against DST_IP via WINS vulnerability

Possible attack against DST_IP (Microsoft Server Service related attack)

Possible worm scanning behavior on port DST_PORT

Username gathering at SMTP server DST_IP