Detecting Malicious Processes in Linux

Warning: Be sure you are satisfied with your backups before you make any changes to your server. Modifying any part of a server with administrative access may cause services to fail or the system itself to become unbootable. Only experienced and authorized administrators should perform any steps outlined in this guide. It is very possible […]

Guide to Microsoft SQL Server Browser Service Access Amplification Issues

Description: The SQL Server Browser service enumerates SQL Server information on the network. In this way, attackers can use SQL Server clients to browse the current infrastructure and retrieve a list of running SQL Server instances. The Microsoft SQL Server Browser service listens on port 1434/udp and accepts unauthenticated requests using the SQL Server Resolution Protocol […]

Guide to QOTD Amplification Issues

Description: Quote of the Day (QOTD) is a service running on port 17. It returns the quotation of the day, which is a message composed of one or multiple lines. Attackers can use QOTD to launch denial of service attacks. (The Bandwidth Amplification Factor is about 140.3. Ref: http://www.us-cert.gov/ncas/alerts/TA14-017A ) How to test if your […]

Guide to Ebury

Description of Issue: Ebury is an SSH rootkit/backdoor trojan for Linux-based operating systems. It is installed by an attacker on root-level compromised hosts by either replacing SSH-related binaries (ssh, sshd, ssh-add, etc.) or a shared library used by SSH (libkeyutils). On infected hosts, Ebury steals SSH login credentials (username+password) from incoming and outgoing SSH connections. The […]

Denial of Service Guide

Issue Description: A Denial of Service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend the services of a host connected to the Internet. A DoS attack may be distributed among many sources, making […]

Guide to Mayhem Infection

Description: A Mayhem infection causes your server to participate in abusive network activities using a compromised website user account. The malware targets vulnerable websites (usually Content Management Systems, "CMS", such as WordPress or Joomla), uploads malicious files into the site content and launches a process that performs web attacks (brute force) against other websites (victims). How to detect […]

Guide to Public SNMP Amplification Issues

What is Simple Network Management Protocol? Simple Network Management Protocol (SNMP) is one of the most popular protocols used for network management. It is used to manage network devices: to collect information from, or to configure, any SNMP-based network device, such as servers, switches, routers, hardware firewalls, etc. Read more details about this […]
