hi there,

this may be of some help;
1. go to the source, cdc web site, the good guys who came up with it, seems 
like they don't like microsoft, (anyway, who does?),
2. this will not help you too much to detect the bo2k's traffic, and the 
reason is that cdc along with the binaries released the code as well. that 
comes down to the point that any "script kiddie" can change the default 
ports (and even protocol), the frame size, etc. the bo2k works on/over. but 
having the code can help you to understand how it works and what measures to 
take in order to fight with it.
3. so anti-virus companies came up with their stuff to detect the bo2k 
installation on the windows machines, so i guess daily scan of those would 
be handy as well.

regards, p.


>From: "Tompkins, William A" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Need info about BO2K
>Date: Wed, 04 Aug 1999 08:57:45 -0500
>
>Having been 'lurking' on this list for a while (and benefiting from it), I
>need some help from this list's archives (I think)...  reference Back
>Orifice 2000
>I noted the earlier thread on BO2K, but didn't follow it closely.  My boss
>wants a more detailed recommendation regarding BO2K.
>   After reading the following recommendation in SANS NT digest : "network
>administrators need to configure firewalls to detect Back Orifice traffic,
>to attempt to stop it at the border." . . .   I went to my mailbox for the
>method to get into this list's archives.  Unfortunately, in doing mailbox
>cleanup, I deleted the instructions for "Firewalls List"   Can someone
>forward the instructions to me?
>At this time we do not have "firewalls" and I need to determine what to do
>next (besides continuing to bemoan the absolute need for firewalls here).
>
>Regards,
>
>William Tompkins, CISSP, CRP
>Manager of Information Security
>Univ. of Tx Health Science Center at San Antonio
>210-567-2308 (office)
>512-589-6306 (cellular)
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]

