Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Port 1025/6000 Action (Part II)

Published: 2005-12-11
Last Updated: 2005-12-11 20:53:00 UTC
by Tony Carothers (Version: 1)
0 comment(s)

As reported by Koon Tan yesterday we have seen, and are continuing to see, increased activity reported by more users now.  The link below will show a graph that indicates activity over the past ~72 hours.

We still need full packet captures to help nail this down, so if anybody has them please submit them via the 'Contact' link at the top of the page.

Core Security Technologies has an excellent article on this subject and RPC Vulnerabilities.  One highlight from this article is that the "patches for these vulnerabilities ..... effectively fix the problem(s)" with the vunerabilities used in the discussion.  All of the vulnerabilities are more than 18 months old; these fixed have been out for some time, giving lots of time for admins to perform testing and loading of said patches.

0 comment(s)
Diary Archives