Anti-Hacker
161
Messenger, and system components that can be accessed through the
network – DCom, SMB, Wins, LSASS, IIS5.
Anti-Hacker protects your computer from attacks that use the following
known software vulnerabilities (this list of vulnerabilities is cited with the
Microsoft Knowledge Base numbering system):
(
MS03-026
) DCOM RPC Vulnerability(Lovesan worm)
(
MS03-043
) Microsoft Messenger Service Buffer Overrun
(
MS03-051
) Microsoft Frontpage 2000 Server Extensions Buffer Overflow
(
MS04-007
) Microsoft Windows ASN.1 Vulnerability
(
MS04-031
) Microsoft NetDDE Service Unauthenticated Remote Buffer
Overflow
(
MS04-032
) Microsoft Windows XP Metafile (.emf) Heap Overflow
(
MS05-011
) Microsoft Windows SMB Client Transaction Response
Handling
(
MS05-017
) Microsoft Windows Message Queuing Buffer Overflow
Vulnerability
(
MS05-039
) Microsoft Windows Plug-and-Play Service Remote Overflow
(
MS04-045
) Microsoft Windows Internet Naming Service (WINS) Remote
Heap Overflow
(
MS05-051
) Microsoft Windows Distributed Transaction Coordinator
Memory Modification
In addition, there are isolated incidents of intrusion attacks using various
malicious scripts, including scripts processed by Microsoft Internet
Explorer and Helkern-type worms. The essence of this attack type
consists of sending a special type of UDP packets to a remote computer
that can execute malicious code.
Remember that, while connected to the network, your computer is at constant
risk of being attacked by a
hacker. To ensure your computer's security, be sure
to enable Anti-Hacker when using the Internet and regularly update hacker attack
signatures
(see 16.4.2 on pg. 211).
12.10. Blocking and allowing
network activity
If the security level for the Firewall is set to
Training Mode
, a special notice
appears on screen each time a network connection is attempted that has no rule.
