Full Disclosure mailing list archives
agobot and 1025
From: "Willem Koenings" <isec () europe com>
Date: Thu, 29 Apr 2004 08:57:23 -0500
hi all, in range of latest agobot's scans is port 1025. i know that by default there sits mstask and over rpc you can talk to him, add scheduled jobs etc (done this). sniffer captures reveals, that port 1025 attempts significantly resembles 135 DCOM/blaster attempts. can anyone point out what and how _specifically_ are exploited in port 1025? W. -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- agobot and 1025 Willem Koenings (Apr 29)