Security Incidents mailing list archives
Re: Scans on TCP port 135
From: Dave Aitel <dave () immunitysec com>
Date: Fri, 21 Feb 2003 17:00:59 -0500
Yeah, actually, they probably arn't trying to exploit that. In fact, SecurityFocus is a little confused about the difference between that and my new DoS's, (plonk and the netbios kernel leak), which are 2 other completely different things. There's no point in scanning for them though. If you were going to use them, you'd just use them. :> -dave On 20 Feb 2003 21:12:04 -0000 Kevin Patz <jambo_cat () yahoo com> wrote:
Starting in late October 2002, I've been seeing occasional scans on TCP port 135 on my box. I also see UDP scans on this port, and I know these are Windows Messenger spam attempts, but I am wondering what the TCP scans are for. Could they be attempting to exploit this: "Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3" which I read about here: http://www.securityfocus.com/archive/1/296114 Is it this, or could it be something else? Is it possible to send Messenger spam via TCP/135? KJP --------------------------------------------------------------------- ------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. www.securityfocus.com/core
---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. www.securityfocus.com/core
Current thread:
- Scans on TCP port 135 Kevin Patz (Feb 20)
- Re: Scans on TCP port 135 Dave Aitel (Feb 21)