Full Disclosure mailing list archives
RE: +++++SPAM+++++ TCP ports 1025-1030 and DCOM exploit; false positive
From: "Edward W. Ray" <support () mmicman com>
Date: Sun, 10 Aug 2003 11:13:08 -0700
Do not know where this came from.

Regards,
Edward W. Ray
SANS GCIA, GCIH

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Edward W. Ray
Sent: Sunday, August 10, 2003 10:28 AM
To: full-disclosure () lists netsys com
Cc: northcutt () sans org; j.french () whitehats ca
Subject: +++++SPAM+++++ [Full-disclosure] TCP ports 1025-1030 and DCOM exploit

This mail is probably spam. The original message has been attached along with this report, so you can recognize or block similar unwanted mail in future. See http://spamassassin.org/tag/ for more details.

Content preview: I have found that the RPC service in Windows also uses TCP ports 1025-1030 for communication with domain controllers (DCs). I found this out by accident by blocking ports in my Windows 2003 domain and observing failed RPC connectivity using netdiag command on clients. I also observed attempts at connection on TCP port 1025. [...]

Content analysis details: (3.20 points, 3 required)
KNOWN_MAILING_LIST (-0.9 points) Email came from some known mailing list software
FORGED_MUA_OUTLOOK (3.5 points) Forged mail pretending to be from MS Outlook
MISSING_OUTLOOK_NAME (0.6 points) Message looks like Outlook, but isn't

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html