At the risk of biting on troll-bait:
Should we continue to pay Microsoft for its buggy
software packages?
Well, not unless you want to. There *are* plenty of alternative
packages out there. No need to buy from M$.
Can we sue it for the damages that
it can potentially cause to our company
Thanks for the hints. I was apparently unclear about the situation
a little. I got several replies suggesting I use activeports/fport/etc.
I wanted to clarify that there isn't anything *listening* on 55317,
just a number of machines hitting that port.
I'll take a look around regarding the 'bots.
I've seen an enormous number ( 50/day) of hits on my machine's
firewall (not a public server of any type) against TCP 55317.
Anybody know what this might be? I've been unsuccessful in my
hunts for TCP 55317 on google and groups.google. The only thing
that came up was a relatively obscure
Tony -
Disclaimer: I'm not clear on how much access you want/need to
provide to the vendors. That said
Have you investigated Radmin? I've been very happy with it
in personal/research use for remote desktop/file transfer
activities. It is allegedly encrypted and is capable of using
winders
The Network Services Group is adamant that neither SSH nor
CISCO TACACS+ will work on a router to correct the security
issue.
*blink blink*
As a relative newbie/ignorant, I am distressed to hear that
ssh doesn't correct the security issues with regard to
clear-text username/password travel.
I've used sshd under cygwin on win2k for academic access purposes.
Never dealt with it for general (i.e. varied trust level) sftp
access. Don't know enough to comment on whether it meets your
requirement
not to have some vulnerabilities related with FTP
commands such as FTP PORT / SITE / NLIST
Roberto -
The latest fad is viruses which tell you how dangerous the virus
is, then offer you a patch/protection/additional information
which arrives as an attachment (or maybe a link to a download)
bearing the viral payload.
Be not fooled by the crafty (well, okay maybe just sneaky)
virus
No guarantees but I'll try on my psychic hat. Are you running some sort of
software which requires a hardware lock? And maybe the software is run off
of a server by a series of clients, which check out the server for said hardware
key.
tcpnethaspsrv == tcp network model + Hasp hardware
John -
Googling logon banner legal requirement got me:
http://rr.sans.org/incident/evidence.php
which explicitly discusses many of the issues regarding
legality of monitoring, but does not *directly* mention
logon banners. However, it has pointers to several legal
cases or statutes