|
|
Penetration Testing
A L0phCrack Alternative Dec 07 2010 07:42PM olufemimogaji gmail com (4 replies) RE: A L0phCrack Alternative Dec 08 2010 01:26AM Tom Steele (Tom Steele motricity com) (3 replies) RE: A L0phCrack Alternative Dec 08 2010 03:13PM Paul Griggs (Paul Griggs cadre net) (1 replies) RE: A L0phCrack Alternative Dec 10 2010 11:37AM Demetris Papapetrou (dpapapetrou internalaudit gov cy) |
|
Privacy Statement |
> Why would 'C:\Windows\system32\services.exe' be trying to change the following registry key?
>
> \REGISTRY\MACHINE\SYSTEM\ControlSet\SERVICES\TCPIP\PARAMETERS\SYNATTACKP
ROTECT
>
> Is this an indication of an attack or a normal part of the 'services.exe' process?
Hi PG,
You should read this paper [1] to understand what the synattackprotect
parameter does.
The big question is more: To what is the parameter changed?
If it was changed to 0, so deactivating synattack protection, I would
seriously ask myself questions.
But if it was changed to 1, enabling another protection... then I'd
check with my sysadmin if some Active Directory group policies were
changed (manually or because of the installation of a patch)
[1] http://technet.microsoft.com/en-us/library/cc938202.aspx
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]