Message-ID: <20030730012836.GNJJ18458.lakecmmtao02.coxmail.com@vaio>
From: andy at digitalindustry.org (Andy Wood)
Subject: DCOM RPC exploit  (dcom.c)

> FYI, Incidents.org reports: "Widespread scans for unpatched Windows 
> machines underway (RPC vulnerability). Patch systems and block ports
> 135-139 & 445". 

	NetBIOS Scans haven't necessarily increased.  I can't believe that
any port is more sought out than NetBIOS.  I see 139 and 445 more than any
other port, and it has been that way for more than 2 years.  But it isn't
without good reason....if you get probed for 139 or 445, probe back; 8 out
of 10 times it is open, and that system is infected with a worm.  Then hit
'em with a smbclient or Winfingerprint, get that password policy and
username/share list, find the weak password and welcome to their
network......or dcom.c, that works too.

	Andy


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Knud Erik Højgaard
Sent: Tuesday, July 29, 2003 8:14 PM
To: Peter Kruse; full-disclosure@...ts.netsys.com

Peter Kruse wrote:

> FYI, Incidents.org reports: "Widespread scans for unpatched Windows 
> machines underway (RPC vulnerability). Patch systems and block ports
> 135-139 & 445".
>
> This might be caused by several tools in the hands of kiddies probing 
> IP's for vulnerable systems. This could also be caused by a worm 
> making it's first round crashing and exploiting boxes. I guess time 
> will tell.

when it strikes, it won't be silent.

> BTW - nothing here, it's all quite around my firewalls.

quiets? wait and see.

--
kokasviiijn

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

