What do the ping/syn packets look like? Perhaps a specific IDS rule can be thrown together for them?
-Moeser ----- Original Message ----- From: JonesMB <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, June 29, 2001 1:30 PM Subject: new exploit - ping/137/27374 ? > is there a new exploit script that starts with a ping, followed by attempts > at connecting to port 137, followed by 27374. I have seen a big increase > in this in my ipchains logs this week. I have also noticed that attempts > at port 111 have almost disappeared. > > jmb > > PS - before any educates me on the port numbers being used in the attempts, > I know that 111 is for RPC exploits, 137 is for Netbios SMB and 27374 is > for SubSeven. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
