Re: Scans on TCP port 135

[Dave Aitel <dave () immunitysec com>]

Yeah, actually, they probably arn't trying to exploit that. In fact,
SecurityFocus is a little confused about the difference between that and
my new DoS's, (plonk and the netbios kernel leak), which are 2 other
completely different things.

There's no point in scanning for them though. If you were going to use
them, you'd just use them. :>

-dave


On 20 Feb 2003 21:12:04 -0000
Kevin Patz <jambo_cat () yahoo com> wrote:

> Starting in late October 2002, I've been seeing 
> occasional scans on TCP port 135 on my box.  I also 
> see UDP scans on this port, and I know these are 
> Windows Messenger spam attempts, but I am wondering 
> what the TCP scans are for.
>
> Could they be attempting to exploit 
> this: "Vulnerability: RPC Service DoS (port 135/tcp) 
> on Windows 2000 SP3" which I read about here: 
>
> http://www.securityfocus.com/archive/1/296114
>
> Is it this, or could it be something else?  Is it 
> possible to send Messenger spam via TCP/135?
>
>   KJP
>
> ---------------------------------------------------------------------
> -------
>
> Do you know the base address of the Global Offset Table (GOT) on a
> Solaris 8 box?
> CORE IMPACT does.
> www.securityfocus.com/core

----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
www.securityfocus.com/core