nanog mailing list archives
Re: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
From: Alex Brooks <askoorb+nanog () gmail com>
Date: Fri, 13 Jan 2012 13:38:44 +0000
Hello,

On Fri, Jan 13, 2012 at 12:36 PM, James Braunegg <james.braunegg () micron21 com> wrote:
> Hey All,
>
> Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours.
>
> We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address.

Have you contacted Microsoft yet?
https://support.microsoft.com/oas/default.aspx?gprid=1163&st=1&wfxredirect=1&sd=gn

If you have a support contract (which you probably do) you'll get a very quick response if you choose the "security" option.

Whatever you do, do let everyone know what the problem turns out to be.

Alex