WINS Vulnerability announced over Thanksgiving: http://www.immunitysec.com/downloads/instantanea.pdf
People are looking for WINS Servers. I hope everyone has ingress filters preventing WINS access from the Internet...

-Dave Killion

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Lay
> Sent: Monday, December 13, 2004 5:47 AM
> To: Full-Disclosure (E-mail)
> Subject: [Full-Disclosure] TCP Port 42 port scans? What the heck over...
>
> Here they be. ODD. Anyone else seeing this?
>
> Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.1 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
> Dec 13 06:41:49 gateway kernel: Web1 drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.18.1 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
> Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.4 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
> Dec 13 06:41:49 workbox kernel: IN=eth0 OUT= MAC=00:60:97:a5:76:36:00:10:7b:90:bc:30:08:00 SRC=131.252.116.141 DST=10.1.200.10 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
> Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.7 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
> Dec 13 06:41:49 gateway kernel: X12 drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.14 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
> Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.2 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
> Dec 13 06:41:49 gateway kernel: Htpedi drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.17 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
> Dec 13 06:41:49 gateway kernel: Edirecall drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.12 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
>
> James Lay
> Network Manager/Security Officer
> AmeriBen Solutions/IEC Group
> Deo Gloria!!!
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
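The pattern in the quoted logs (one source sending bare SYNs to TCP port 42 on many hosts, with the same IP ID on every packet) can be picked out of netfilter logs automatically. The following is an added example, not part of the original thread; the function names, the three-target threshold and the constructed sample lines are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the netfilter LOG format quoted in the thread.
# Addresses are documentation/private ranges, not values from the thread.
SAMPLE_LOG = """\
Dec 13 06:41:49 gw kernel: drops:IN=br0 OUT=br0 SRC=198.51.100.7 DST=10.0.1.1 LEN=40 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gw kernel: drops:IN=br0 OUT=br0 SRC=198.51.100.7 DST=10.0.1.4 LEN=40 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 box kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=10.0.3.10 LEN=40 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gw kernel: drops:IN=br0 OUT=br0 SRC=198.51.100.7 DST=10.0.2.14 LEN=40 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:42:10 gw kernel: drops:IN=br0 OUT=br0 SRC=203.0.113.9 DST=10.0.1.1 LEN=48 TTL=52 ID=1201 DF PROTO=TCP SPT=40112 DPT=42 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 13 06:42:11 gw kernel: drops:IN=br0 OUT=br0 SRC=198.51.100.7 DST=10.0.1.1 LEN=40 TTL=116 ID=3 DF PROTO=TCP SPT=6000 DPT=80 WINDOW=65535 RES=0x00 ACK URGP=0
Dec 13 06:42:12 gw sshd[411]: session opened for user admin
"""

KV = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse(line):
    """Return KEY=VALUE fields plus the bare TCP flags of one LOG line, or None."""
    if "PROTO=" not in line:
        return None  # not a netfilter packet log entry
    fields = dict(KV.findall(line))
    fields["FLAGS"] = set(line.split()) & TCP_FLAGS
    return fields

def find_sweeps(log_text, port=42, min_targets=3):
    """Report sources that sent SYN-only packets to `port` on >= min_targets hosts."""
    targets, ip_ids = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        f = parse(line)
        if not f or "SRC" not in f or "DST" not in f:
            continue
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(port) or f["FLAGS"] != {"SYN"}:
            continue
        targets[f["SRC"]].add(f["DST"])
        ip_ids[f["SRC"]].add(f.get("ID"))
    # One IP ID reused across different destinations is a heuristic sign of
    # tool-crafted packets rather than an ordinary TCP stack.
    return {
        src: {"targets": sorted(dsts), "fixed_ip_id": len(ip_ids[src]) == 1}
        for src, dsts in targets.items() if len(dsts) >= min_targets
    }

if __name__ == "__main__":
    for src, info in find_sweeps(SAMPLE_LOG).items():
        print(src, len(info["targets"]), "targets, fixed IP ID:", info["fixed_ip_id"])
```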
