Security Incidents mailing list archives
Re: TCP port 5000 syn increasing
From: Valdis.Kletnieks () vt edu
Date: Wed, 19 May 2004 14:20:00 -0400
On Tue, 18 May 2004 18:56:14 -0300, Andreas <andreas () conectiva com br> said:
On Tue, May 18, 2004 at 05:30:43PM -0400, Valdis.Kletnieks () vt edu wrote:I'm waiting for the first worm that tunnels over HTTP port 80, as a number of protocols already do, to get around firewalls that only pass 25 and 80. ;)It would have to be "de-tunneled" on the inside to do something useful. Either the network is already compromised, or it exploits something on that specific service.
Leverage existing code. Windows 2003 already knows how to tunnel RPC over https. And quite frankly, any sentence that has "Windows" and "RPC" in it is all too close to "already compromised"......
Attachment:
_bin
Description:
Current thread:
- Re: TCP port 5000 syn increasing, (continued)
- Re: TCP port 5000 syn increasing Noel Cuillandre (May 17)
- Re: TCP port 5000 syn increasing Mike Barushok (May 18)
- Re: TCP port 5000 syn increasing Leonardo (May 17)
- RE: TCP port 5000 syn increasing Terence Runge (May 17)
- RE: TCP port 5000 syn increasing Jose Nazario (May 18)
- RE: TCP port 5000 syn increasing Paul Schmehl (May 18)
- RE: TCP port 5000 syn increasing Frank Knobbe (May 18)
- Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 18)
- Re: TCP port 5000 syn increasing Andreas (May 19)
- Re: TCP port 5000 syn increasing Harlan Carvey (May 19)
- Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 19)
- Re: TCP port 5000 syn increasing Harlan Carvey (May 19)
- RE: TCP port 5000 syn increasing Jose Nazario (May 18)
- RE: TCP port 5000 syn increasing Nick FitzGerald (May 19)
- RE: TCP port 5000 syn increasing Nick FitzGerald (May 19)
- RE: TCP port 5000 syn increasing Paul Schmehl (May 19)
- RE: [Securityfocus-incidents] RE: TCP port 5000 syn increasing Remko Lodder (May 18)
- Re: TCP port 5000 syn increasing Bob (May 20)
- Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 21)