Handler on Duty: Guy Bruneau
Threat Level: green
Loading...
|
|
URL |
---|
MS04-009 Upgraded to Critical, Disable Outlook HTML Parser, 'Phatbot', NetSky Day |
TCP port 1025 activity; continued DNS poisonings; 802.11 security primer |
Submitted By | Date |
---|---|
Comment | |
Johannes Ullrich | 2009-10-04 18:45:22 |
see MSFT Knowledge Base: http://support.microsoft.com/default.aspx?scid=KB;en-us;q280132 port 1025 is assigned to a port of the "Active Directory logon and directory replication interface" | |
2009-10-04 18:45:22 | |
Microsoft Windows RPC malformed message buffer overflow vulnerability (TCP ports 135, 445, 1025) exploited by "Win32.Lioten Family" virus: http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=42309 | |
Ryan Janke | 2009-10-04 18:45:22 |
On a Linux box, Snort identifies this traffic as the same kind which WinXP machines without either: 1) The "Messenger" service disabled or 2) The "Shoot the Messenger" patch from GRC.com installed or 3) A patch supplied by Microsoft to correct the "Messenger" issue register as ads and display on a user's screen. (IE: "Your registry is corrupted. . ." etc. etc.) | |
2007-05-08 13:43:07 | |
Dudes: Port 1025 is used by Application Layer Gateway ALG.EXE. Disabling that service will close it. Travis | |
Johannes Ullrich | 2007-05-01 03:31:53 |
April 15th 2007, a RinBot variant started scanning this port for the DNS-RPC vulnerability. see http://isc.sans.org/diary.html?storyid=2643 | |
Compo | 2006-03-24 03:46:43 |
This port is also used by Avanquests ViaComs SystemSuite Ver 5 & 6 (at least) for the MX Tast as the 'background task server' and is completly legal for this program. Compo | |
F-Secure | 2005-12-20 05:48:18 |
New network worm Win32/Dasher.A seems to use this port while exploiting MS05-051. | |
Jeni Li | 2005-04-06 10:36:55 |
TCP 1025 is used by many Web hosting providers as an alternate SMTP port for their customers to reach their SMTP servers. Necessitated by big-name ISPs including MSN and Cox Cable blocking or restricting outbound TCP 25. | |
2004-07-08 11:17:58 | |
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-seki-up2.pdf | |
Justin Singh | 2004-06-27 02:24:33 |
1025 seems to be used by some VOIP devices like Net2phone's yapjack. Blocking access to this port on a firewall could cause this service to fail when the user tries to initiate more than one consecutive call on a single internet session. | |
Ulrich Weber | 2004-05-23 04:15:51 |
Port 1025 is officially assigned to network blackjack and nothing else. In fact it will be used by the first program or service that tries to establish an outgoing or internal connection after a system boot. Concerning a non-compromised, stand-alone XP System this will usually be the svchost process respectively the system process itself, more or less chosen by chance. | |
2004-04-27 23:44:53 | |
port 1025 is by default used by task scheduler rpc component |
CVE # | Description |
---|