Archive for September, 2011

Worm spreading via RDP port 3389

It’s retro day in the world of Internet security, with an Internet worm dubbed “Morto” spreading via the Windows Remote Desktop Protocol (RDP).

F-Secure is reporting that the worm is behind a spike in traffic on port 3389/TCP. Once it’s entered a network, the worm starts scanning for machines that have RDP enabled. Vulnerable machines get Morto copied to their local drives as a DLL, a.dll, which creates other files detailed in the F-Secure post.

SANS, which noticed heavy growth in RDP scan traffic over the weekend, says the spike in traffic is a “key indicator” of a growing number of infected hosts. Both Windows servers and workstations are vulnerable.

Scariest IPv6 attack scenarios

Experts are reporting a rise in the number of attacks that take advantage of known vulnerabilities of IPv6, a next-generation addressing scheme that is being adopted across the Internet. IPv6 replaces the Internet’s main communications protocol, which is known as IPv4.

Salient Federal Solutions, a Fairfax, Va., IT engineering firm, is reporting real-world incidents of IPv6 attacks based on the emerging protocol’s tunneling capabilities, routing headers, DNS broadcasting and rogue routing announcements. The company asserts that all of these threats can be eliminated with the use of IPv6-enabled deep packet inspection tools, which it and other network vendors sell.

Source: Computer World

10 Secure Linux Distributions You Need to Know About

With security constantly in the news lately, you can’t help but feel ill at ease and vulnerable — vulnerable to teams of hackers whose only motivations are to expose and attack their victims. Perhaps you think you’ve done due diligence by keeping your patches updated, installing security fixes, and maintaining a corporate firewall.

Those methods are effective about 50 percent of the time. For the other 50 percent, you need to do more. You need penetration testing, security audits, intrusion prevention and intrusion detection, and you need to plug security holes that only hackers know about by using the tools they use to compromise your systems.

Security is expensive no matter how you slice it, but it doesn’t have to be a death knell for your business. This list of 10 security-enhanced Linux distributions, in no particular order, can give you peace of mind by beating hackers on their turf.

  1. Astaro Security Appliance – Formerly known as Astaro Security Linux, the Astaro Security Appliances come in three flavors: hardware, software and virtual. In the virtual appliance category, Astaro offers appliances built specifically for network security, mail security, Web security and Web application security. The network security virtual appliance, for example, includes a configurable firewall, intrusion protection, DoS attack protection, NAT tools, VPN, IPSec Remote Access, LDAP authentication integration, and bandwidth control.
  2. BackTrack Linux – The highest rated and most acclaimed Linux security distribution.
  3. IPFire – IPFire is a firewall distribution that is small, highly secure and easy to use.
  4. Lightweight Portable Security – The Lightweight Portable Security (LPS) distribution boots a thin Linux system from a CD or USB flash drive.
  5. Live Hacking DVD – This live DVD distribution is exactly what it sounds like: An ethical hacker’s playground (workbench).
  6. EnGarde Secure Linux – EnGarde Linux is a Linux server distribution that is secure and perfect for use as an Internet server.
  7. NetSecL – NetSecL is an OpenSUSE-based distribution that features GrSecurity, chroot hardening, auditing, and includes penetration testing software.
  8. SmoothWall Express – The SmoothWall Open Source project began in 2000 and continues to be an excellent business firewall solution.
  9. Openwall GNU/Linux – Openwall GNU/Linux (OWL) is a small, security-enhanced distribution suitable for virtual appliances, hardware appliances, and physical servers.
  10. Vyatta – Vyatta is a commercial security appliance vendor delivering appliances for every network class including cloud architectures.

Source: Serverwatch
