Full Disclosure mailing list archives

agobot and 1025


From: "Willem Koenings" <isec () europe com>
Date: Thu, 29 Apr 2004 08:57:23 -0500


hi all,

in range of latest agobot's scans is port 1025. i know that
by default there sits mstask and over rpc you can talk to
him, add scheduled jobs etc (done this). sniffer captures
reveal that port 1025 attempts significantly resemble
135 DCOM/blaster attempts.

can anyone point out what and how _specifically_ is exploited
in port 1025?

W.