Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: Port 42, New Old Patch, Scams - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 42, New Old Patch, Scams
We have been seeing a lot of user reports of activity on port 42, although we don't seem to have any reports of what specifically is causing it, we really would like to receive additional reports from systems receiving or originating high port 42 traffic.

This traffic appears to have spiked on the 13th or so, but is maintaining higher than normal levels, and so is still interesting. A good suggestion might be to disable port 42 if you are not running WINS.

Looks like Microsoft is going to update MS04-038 if this is in fact updated, it was a critical vulnerability, so you should check your systems regardless of the press that Microsoft gives the update. Note that the 2004 date in the link appears to be a typo.

More details can be found at http://www.ngssoftware.com/advisories/msinsengfull.txt
Scams/Phishing
We seem to be seeing more sophisticated phishing sites/attempts from multiple sources on a more routine basis. So, with that in mind, most solutions are non-technical in nature, what I would really like to know is, what are you doing to educate your users? If not education, how do you protect against phishing sites?

-
Michael Haisley mhaisley@isc.sans.org
SANS Internet Storm Center Incident Handler
Michael

18 Posts

Sign Up for Free or Log In to start participating in the conversation!