We are seeing some heavy scanning activity on TCP 5168, probably for Trend Micro ServerProtect. There were vulnerabilities announced for this product yesterday: http://secunia.com/advisories/26523/ and http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=588. It does indeed look like machines are getting owned with this vulnerability. More info to come...
UPDATE: To expedite your patch finding needs, Trend Micro has made product patches available for download from: http://www.trendmicro.com/download/product.asp?productid=17
OPEN CALL FOR Trend Micro management service "RELATED" PACKETS! I had just made a request for packets from one of our writers, and figured it a great opportunity to make it open season for packets. If you *reading this* are witness to TCP port 5168 scanning activity, and feel you have a reasonably safe platform to perform additional data collection for us, we'd really appreciate it.
    date +%Y%m%d-%H%M%S >> monitoring-the-trend-of-evil.txt
If you spot any unusual frequency of activity, *especially* if you have no particular idea of what might be in the *.hex.txt output file, then ship us a copy via our handy dandy file submission contact form at http://isc.sans.org/contact.html
W
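An added example, not part of the original diary: this page does not show the commands that produce the *.hex.txt file, so the sketch below is one way to collect equivalent data on a sacrificial host. It accepts connections on TCP 5168, never sends anything back, and writes a timestamped hex dump per connection; the file naming, MAX_BYTES and IDLE_TIMEOUT are assumptions.

```python
"""Low-interaction TCP 5168 listener: logs each connection and hex-dumps what the peer sends.
Added example; it never replies to the peer and emulates no service."""
import socket
import time
from pathlib import Path

PORT = 5168          # port named in the diary
MAX_BYTES = 4096     # assumption: cap on stored bytes per connection
IDLE_TIMEOUT = 5.0   # assumption: seconds to wait for more data


def hexdump(data: bytes, width: int = 16) -> str:
    """Format bytes as offset / hex / printable-ASCII rows."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08x}  {hexpart:<{width * 3 - 1}}  |{text}|")
    return "\n".join(rows)


def record(conn: socket.socket, peer, out_dir: Path) -> Path:
    """Read up to MAX_BYTES from one connection and write <stamp>-<ip>-<port>.hex.txt."""
    conn.settimeout(IDLE_TIMEOUT)
    data = b""
    try:
        while len(data) < MAX_BYTES:
            chunk = conn.recv(MAX_BYTES - len(data))
            if not chunk:
                break
            data += chunk
    except (socket.timeout, ConnectionError):
        pass  # keep whatever arrived before the peer stalled or reset
    stamp = time.strftime("%Y%m%d-%H%M%S")  # same format as the diary's date command
    out = out_dir / f"{stamp}-{peer[0]}-{peer[1]}.hex.txt"
    out.write_text(f"# {stamp} src={peer[0]}:{peer[1]} bytes={len(data)}\n{hexdump(data)}\n")
    return out


def serve(port: int = PORT, out_dir: Path = Path(".")) -> None:
    """Accept connections forever, one at a time, and print each dump's path."""
    with socket.create_server(("0.0.0.0", port)) as srv:
        while True:
            conn, peer = srv.accept()
            with conn:
                print(record(conn, peer, out_dir))


if __name__ == "__main__":
    serve()
```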
Kyle, Aug 23rd 2007