Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-01-10 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Port 2968 big rise - related to Symantec AV?

Published: 2007-01-10
Last Updated: 2007-01-11 04:36:52 UTC
by Jason Lam (Version: 1)
1 comment(s)

Port 2968 is getting quite a jump recently. Take a look at the graph below.

Port 2968 Graph

We suspect the jump is due to the recent Symantec AV 10.1 exploitation. The previous exploits generally hit on port 2967 since that's the port that Symantec AV listens on (for Windows). According to documentation from Symantec, port 2968 is only used for AV running on Netware servers. We are not sure at this point whether the attackers are targeting Netware server since other hosts have all been exploited already or if Symantec AV listens on port 2968 as a backup port. If you have any info on the port 2968 traffic, please let us know.

Keywords:
1 comment(s)

Adobe 7.0.9 released to address the XSS vulnerability

Published: 2007-01-10
Last Updated: 2007-01-10 23:02:55 UTC
by Jason Lam (Version: 1)
0 comment(s)
As promised by Adobe, Acrobat 7.0.9 has been released to address a cross site scripting vulnerability. If you are running version 7.0.8 and prior, you should seriously consider to upgrade. Although there are reports that certain combinations of browsers and Acrobat versions are not vulnerable, upgrading might be the easiest path to ensure vulnerability is gone.

This link will get you to download the latest copy of Acrobat version 8, it is not vulnerable to the XSS vulnerability. If you must stay at version 7, there is a link on the same page to download other versions.
Keywords:
0 comment(s)
Diary Archives