Re: [Dshield] QHOSTS-1 - DNS/Hosts file issues

[Roman Fomichev <[EMAIL PROTECTED]>]

hmmmm... what about using policies on DC instead of configuring every PC? 
;)

On 02 Oct 2003 11:32:43 -0400, Alan Frayer <[EMAIL PROTECTED]> wrote:

> In attempting to understand this situation, I need to ask a question:
>
> On Thu, 2003-10-02 at 10:35, wbeckham wrote:
> > I got the following from Trusecure this morning.
> >
> > - WB
> >
> > ---------------------------------
> > TruSecure Radar Notice
>
> [snip]
>
> > Summary:
> > Yesterday TruSecure began to observe evidence of an active attack 
> > against
> > users of Internet Explorer 6.0. The attack comprised of a banner, 
> > hosted by
> > FortuneCity.com, which in turn used JavaScript to redirect the 
> > self-closing
> > "pop-under" banner to a site hosted by EV1.NET (Everyone's Internet.) An
> > EV1.NET site then delivered executable code which in turn invoked the 
> > HTA
> > vulnerability.
>
> Would blocking the IP address of the EV1.NET site from outbound traffic
> defeat this attack? If so, this strikes me as much more time efficient
> than visiting each PC and turning off scripting, etc.
>
> ________________________________________________________________________
> Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - [EMAIL PROTECTED]
> Seeking an IT Mgmt/Network Admin position in the Tampa Bay Region
> If you would like to discuss an opportunity with me, please e-mail.
>
>
> _______________________________________________
> list mailing list
> [EMAIL PROTECTED]
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list



--
Roman Fomichev

--------------------------------------------------
If you don't keep up with security fixes, your network won't be yours for 
long.

_______________________________________________
list mailing list
[EMAIL PROTECTED]
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list