-
August 4th, 2003, 08:03 PM
#11
A lot of poeple were fearing a worm based on the RPC exploit. That could be what you see or
maybe a kiddie on cable who's scanning his subnet.
-
August 4th, 2003, 08:38 PM
#12
Member
Port 135 scan report
SANS has the Internet Storm Center, where they publish info they gather. The scan report for port 135 is HERE and you can really see the increase in scan against 135, since the exploit code was released just over a week ago.
-
August 4th, 2003, 08:43 PM
#13
omalakai: Good work..... Nice to see that the sources are not increasing though. It implies the success rate is not great.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
August 4th, 2003, 08:57 PM
#14
Could be that someone's compromising or cataloging a LOT of machines out there though.
I've got a bad feeling about this one. My hunch is that when the worm does come, and I'm convinced that it will, that it will be a blended attack of a peer-to-peer worm exploiting the RPC flaw, plus a mass-mailer that will be able to drop a worm inside corporate firewalls. So, if you're reliant on the firewall to keep it out, basically you're in deep trouble. I guess the most effective email-based virus at the moment is Sobig, so if you ride piggyback on a variant of that, then you've got a good chance of getting through.
In other words, patch everything that's safe to patch and keep an eye the situation as it develops.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|