Description Name: Comprehensive Tool - TDS (Request)

 Confidence Level: High
 Severity Inbound:
 Severity Outbound:
 (Severity scale: Informational, Low, Medium, High)

 Overview

This is the Trend Micro detection for packets carried over the TDS network protocol that exhibit hacking tool activity. Hacking tools can generally crack or break system and network security measures, and their capabilities differ depending on the systems they are designed to penetrate. System administrators and malicious actors may use hacking tools in the same way but with different intent: both want to identify possible avenues for intrusion, but system administrators do so to test the security of the system, while malicious actors exploit those avenues.

 Technical Details

Protocol: TDS

Risk Type: OTHERS
(Note: OTHERS can be network connections related to hacking attempts, exploits, connections done by grayware, or suspicious traffic.)

Threat Type: Grayware

Confidence Level: High

Severity: Low

DDI Default Rule Status: Disable

Behavior Indicator: Database Access

APT Related: NO
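The page names the protocol (TDS, the Tabular Data Stream protocol used by Microsoft SQL Server) and the behavior indicator (database access) but does not disclose the rule's matching logic. As an added example that is not Trend Micro's code or signature, the following Python helper shows the first step a defender takes when triaging a capture that triggered such a rule: split a TCP stream into TDS packets using the 8-byte TDS header (type, status, big-endian length including the header, big-endian SPID, packet ID, window), name each packet type, and count the client-side request packets. The sample stream is constructed inline, not taken from a real capture, and the SQL batch payload is assumed to carry only UTF-16LE text with no ALL_HEADERS prefix, which is a simplification.

```python
import struct
from collections import Counter
from typing import Dict, Iterator, List, NamedTuple, Tuple

# TDS packet header (MS-TDS 2.2.3.1): Type(1) Status(1) Length(2, big-endian)
# SPID(2, big-endian) PacketID(1) Window(1). Length counts the 8 header bytes.
HEADER_FMT = "!BBHHBB"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 8

# Packet type codes defined by MS-TDS.
PACKET_TYPES = {
    0x01: "SQL_BATCH", 0x02: "PRE_TDS7_LOGIN", 0x03: "RPC", 0x04: "TABULAR_RESULT",
    0x06: "ATTENTION", 0x07: "BULK_LOAD", 0x08: "FEDAUTH_TOKEN",
    0x0E: "TRANSACTION_MANAGER", 0x10: "TDS7_LOGIN", 0x11: "SSPI", 0x12: "PRE_LOGIN",
}
STATUS_FLAGS = {0x01: "EOM", 0x02: "IGNORE", 0x08: "RESET_CONNECTION",
                0x10: "RESET_CONNECTION_SKIP_TRAN"}
# Types that only a client sends; these are the "requests" a rule like this one looks at.
CLIENT_REQUEST_TYPES = {"SQL_BATCH", "PRE_TDS7_LOGIN", "RPC", "BULK_LOAD",
                        "TRANSACTION_MANAGER", "TDS7_LOGIN", "PRE_LOGIN"}


class TdsPacket(NamedTuple):
    ptype: str
    flags: List[str]
    spid: int
    packet_id: int
    payload: bytes


def parse_packet(buf: bytes, offset: int = 0) -> Tuple[TdsPacket, int]:
    """Parse one TDS packet starting at offset; return (packet, offset of next packet)."""
    if len(buf) - offset < HEADER_LEN:
        raise ValueError("truncated TDS header")
    ptype, status, length, spid, packet_id, window = struct.unpack_from(HEADER_FMT, buf, offset)
    if length < HEADER_LEN or offset + length > len(buf):
        raise ValueError("TDS length field does not fit the buffer")
    if window != 0:  # MS-TDS requires Window to be 0
        raise ValueError("TDS Window byte must be 0")
    flags = [name for bit, name in STATUS_FLAGS.items() if status & bit]
    payload = buf[offset + HEADER_LEN:offset + length]
    name = PACKET_TYPES.get(ptype, f"UNKNOWN_0x{ptype:02X}")
    return TdsPacket(name, flags, spid, packet_id, payload), offset + length


def iter_packets(stream: bytes) -> Iterator[TdsPacket]:
    """Walk a reassembled TCP stream packet by packet; stops at the first malformed header."""
    off = 0
    while off < len(stream):
        pkt, off = parse_packet(stream, off)
        yield pkt


def sql_batch_text(pkt: TdsPacket) -> str:
    """Decode the T-SQL text of a SQL_BATCH packet (assumes no ALL_HEADERS prefix)."""
    if pkt.ptype != "SQL_BATCH":
        raise ValueError("not a SQL_BATCH packet")
    return pkt.payload.decode("utf-16-le")


def summarize_requests(stream: bytes) -> Dict[str, int]:
    """Count client request packet types, the view an analyst wants when triaging a hit."""
    return dict(Counter(p.ptype for p in iter_packets(stream) if p.ptype in CLIENT_REQUEST_TYPES))


# --- constructed sample data (not a real capture) ---
def build_packet(type_code: int, payload: bytes, spid: int = 0, packet_id: int = 1,
                 status: int = 0x01) -> bytes:
    """Frame a payload with a TDS header; used only to build the sample stream."""
    return struct.pack(HEADER_FMT, type_code, status, HEADER_LEN + len(payload),
                       spid, packet_id, 0) + payload


SAMPLE_STREAM = (
    build_packet(0x12, b"\x00\x00\x00\x1a\x00\x06\xff")              # PRE_LOGIN, token list made up
    + build_packet(0x10, b"\x00" * 36)                               # TDS7_LOGIN, placeholder body
    + build_packet(0x01, "SELECT @@version".encode("utf-16-le"), spid=51)  # SQL_BATCH
)

if __name__ == "__main__":
    for p in iter_packets(SAMPLE_STREAM):
        print(p.ptype, p.flags, p.spid, p.packet_id, len(p.payload))
    print(summarize_requests(SAMPLE_STREAM))
```

Running it against a real capture means feeding the reassembled client-to-server TCP stream (port 1433 by default) into iter_packets; a sequence of PRE_LOGIN, TDS7_LOGIN and then SQL_BATCH or RPC packets from a host that is not a known database client is the pattern worth investigating, and the decoded batch text tells you what was asked of the server.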

 Solutions

Network Content Inspection Pattern Version: 1.13343.00
Network Content Inspection Pattern Release Date: 21 Jun 2018
Network Content Correlation Pattern Version: 1.13311.00
Network Content Correlation Pattern Release Date: 21 Jun 2018

Immediate Action

  • If the host exhibiting this kind of network behavior is within the internal network, change all passwords of the host and ensure the use of strong passwords. Strong passwords should contain upper case letters, lower case letters, digits, punctuation marks, and other symbols.
  • Remove any unrecognizable files, software, or services.
  • Update your Trend Micro products and pattern files to the latest version.
  • Scan the host for possible malware and clean any detected items.

Secondary Action

If scanning fails to detect a malware infection:

  1. If possible, disconnect the host from the network to prevent any further communication or malicious activities the malware may attempt.
  2. Run RootkitBuster to check through hidden files, registry entries, processes, drivers, and hooked system services.
  3. Use the Anti-Threat Toolkit (ATTK) tools to collect undetected malware information.
  4. Identify and clean threats with Rescue Disk, which is intended for suspected threats that are persistent or difficult to clean. Rescue Disk allows you to use a CD, DVD, or USB drive to examine your computer without launching Microsoft Windows.
  5. If the host exhibiting this kind of network behavior is in the external network, ensure the following to reduce the risk of attacks:
    • Systems are not in default configuration.
    • Firewall is enabled.
    • All passwords of the host are changed and strong passwords are used. Strong passwords should contain upper case letters, lower case letters, digits, punctuation marks, and other symbols.
    • Firmware of devices, routers, and other hardware is up to date, and hosts and other systems visible to the external network have their browsers, plugins, and operating systems fully updated with the latest patches.
