RE: [NTISP] Netbus or BackOrriface Trojans and Dialup Users

Fernando M. Kiernan
Fri, 9 Apr 1999 11:18:44 -0300


YES, we had many problems with BO and Netbus by the end of 1998. We ended up
setting up a filter on our routers to not allow traffic on TCP and UDP ports
12345 (Netbus) and 31337 and 31338 (BO).
These are the standard ports the things work on. Any experienced man could
change that, but at least 99% of the problem is gone.
This could be followed (if the problem is between your users) by setting up
the same filter in the terminal server profiles for all users....

Hope this helps....

Fernando M. Kiernan
Imagenes Digitales S.A.
DILHARD
fkiernan@dilhard.com.ar
http://www.dilhard.com.ar

-----Original Message-----
From: ntisp-request@iea-software.com
[mailto:ntisp-request@iea-software.com]On Behalf Of PSS
Sent: Friday, 9 April 1999 10:10
To: ntisp@iea-software.com
Subject: [NTISP] Netbus or BackOrriface Trojans and Dialup Users

Have any of you had problems with dialup user password stealing?

We have been seeing of late a growing number of concurrency errors on dialup
user accounts and legitimate users unable to access their dialups due to what
appears to be stolen logon names and passwords. We believe that people have
been spreading Back Orifice and/or Netbus to dialup users and using these
tools to snatch passwords for their own use.

Any ideas, suggestions or experience with this type of scenario...
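
The port filter described in the reply above, applied to flow records to list which hosts it would catch. This is an added example, not part of the original message: the record format and addresses are constructed, and matching on either source or destination port is an assumption about how the router filter was written.

```python
from collections import Counter

# Ports and protocols exactly as listed in the message.
BLOCKED_PORTS = {12345: "Netbus", 31337: "BO", 31338: "BO"}
BLOCKED_PROTOS = {"tcp", "udp"}

# Constructed sample records: proto src_ip src_port dst_ip dst_port
SAMPLE_FLOWS = """\
tcp 198.51.100.7 1045 192.0.2.21 12345
udp 198.51.100.7 1046 192.0.2.21 31337
udp 192.0.2.21 31337 198.51.100.7 1046
tcp 192.0.2.30 1101 203.0.113.5 80
udp 198.51.100.9 2000 192.0.2.44 31338
tcp 192.0.2.30 1102 203.0.113.5 54321
bogus line
"""

def parse_flow(line):
    """Return (proto, src, sport, dst, dport), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    proto, src, sport, dst, dport = parts
    try:
        return proto.lower(), src, int(sport), dst, int(dport)
    except ValueError:
        return None

def filter_verdict(flow):
    """Return the label of the matched port if the filter drops the flow, else None."""
    proto, _src, sport, _dst, dport = flow
    if proto not in BLOCKED_PROTOS:
        return None
    # Assumption: the filter matches the port in either direction.
    for port in (dport, sport):
        if port in BLOCKED_PORTS:
            return BLOCKED_PORTS[port]
    return None

def suspected_hosts(text):
    """Count dropped flows per (host, label); the host is the side using the listed port."""
    hits = Counter()
    for line in text.splitlines():
        flow = parse_flow(line)
        label = filter_verdict(flow) if flow else None
        if label is None:
            continue
        _proto, src, _sport, dst, dport = flow
        hits[(dst if dport in BLOCKED_PORTS else src, label)] += 1
    return hits
```

A match only means a listed default port was used: a client's ephemeral port can land on one of these numbers by chance, and a server moved to another port is not seen at all.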
