On Wed, 19 Mar 2003, DNSAdmin wrote: > Hello All, > > I make it a point to look at new scans when they occur. I've never seen > anything to this port before: > > Mar 18 17:05:32 brochsteins kernel: Packet log: input DENY eth0 PROTO=6 > 212.33.37.183:1315 208.21.174.23:135 L=48 S=0x00 I=614 F=0x4000 T=113 SYN (#42) > > Port 135. > > Has anyone seen this before? New Windows exploit, perhaps? From the IANA's > complute TCP/UDP portlist port 135 is: > > epmap 135 DCE endpoint resolution
on a windows box, services using DCOM or RPC woud tell the DCE end-point mapper where they are. scans for this port are nothing new, he could just be trying to see if you are a windows box running something interesting. lately, the most common activity on this port are winpopup spammers, got kind of popular quick, but i believe most people are either blocking it from outside anyway (organizations) or not running the winpopup/messenger service (home users) so perhaps the craze will go away soon. rgds, netcat _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
