Full Disclosure mailing list archives

Re: Increased port 135 activity


From: security snot <booger () unixclan net>
Date: Sun, 21 Sep 2003 21:36:26 -0700 (PDT)

If all internet traffic were filtered, idiots like you would have no
useless statistics to quote, and if you did, no place to quote them.

Not too long ago CERT reported increased scans for tcp 135, 139 and made
the observation that there was likely to be increased exploitation of
"anonymous shares" on Windows machines.  How silly they looked when it
turned out there were multiple exploits for Samba being distributed by
dvdman, and mass exploitation of this service by every #vuln/#darknet
hacker.

"oh, something else runs on that port too!"
        - The Cert Pedophile (friend of KF)

Anyhow, have a nice day.

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Sun, 21 Sep 2003, Paul Tinsley wrote:

Does this bother anybody else?

http://isc.incidents.org/port_details.html?port=135

Today's numbers are higher than what was seen with blaster (the green
peak on the 11th):
http://isc.incidents.org/port_details.html?port=135&repax=1&tarax=2&srcax=2&percent=N&days=70&Redraw=

Maybe I am just being paranoid but this doesn't give me a good feeling...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

