> FYI, Incidents.org reports: "Widespread scans for unpatched Windows
> machines underway (RPC vulnerability). Patch systems and block ports
> 135-139 & 445".
NetBIOS Scans haven't necessarily increased. I can't believe that
any port is more sought out than NetBIOS. I see 139 and 445 more than any
other port, and it has been that way for more than 2 years. But it isn't
without good reason....if you get probed for 139 or 445, probe back; 8 out
of 10 times it is open, and that system is infected with a worm. Then hit
'em with a smbclient or Winfingerprint, get that password policy and
username/share list, find the weak password and welcome to their
network......or dcom.c, that works too.
Andy
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Knud Erik
H�jgaard
Sent: Tuesday, July 29, 2003 8:14 PM
To: Peter Kruse; [EMAIL PROTECTED]
Peter Kruse wrote:
> FYI, Incidents.org reports: "Widespread scans for unpatched Windows
> machines underway (RPC vulnerability). Patch systems and block ports
> 135-139 & 445".
>
> This might be caused by several tools in the hands of kiddies probing
> IP�s for vulnerable systems. This could also be caused by a worm
> making it�s first round crashing and exploiting boxes. I guess time
> will tell.
when it strikes, it won't be silent.
> BTW - nothing here, it�s all quite around my firewalls.
quiets? wait and see.
--
kokasviiijn
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.504 / Virus Database: 302 - Release Date: 7/24/2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.504 / Virus Database: 302 - Release Date: 7/24/2003
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
