Code: p1228 Severity: Warning
Description: Netcat execution attempt - Netcat is a very flexible and powerfull tcp and udp port listener Impact: Serious. Full compromise of the host is possible. An attacker may have already compromised your system using another exploit and installed netcat to easily access a remote shell Corrective: Remove nc.exe. Portscan your host and check your firewall log files for IP's accessing the suspect port where netcat listens to gain information about the attacker. Webservers should not be allowed to view or execute files and binaries outside of it's designated web root or cgi-bin. This command may also be requested on a command line should the attacker gain access to the machine.
|
