Open Source and information security mailing list archives
 
Message-ID: <BAY14-F554rRHyQWwAJ000047b9@hotmail.com>
From: itsleefisher at hotmail.com (Lee Fisher)
Subject: Probes on port 389

This was noted on the ISC diary page yesterday, Paul.

Lee Fisher
McAfee

-Paul wrote-

>I threw up a quick rule on snort to monitor probes on port 389 because I
>have been seeing entries in /var/log/messages on some boxes that I am
>responsible for.  This morning we had a probe that hit 26205 different
>IPs on that port in about 7 minutes (SYN scan only - no payload.)  The
>source IP was a mailserver in England.  (They've been notified.)
>
>Shortly afterwards we had a probe from one IP to one IP.  The source IP
>is a Sprint PCS address.  The dest IP is one of our Win2k3 DCs.
>
>I looked at the Internet Storm Center, and port 389 probes aren't
>showing up there.  I checked Securityfocus for any LDAP exploits, and
>the most recent one is the Ipswitch LDAP daemon overflow.  I checked for
>Active Directory exploits and the most recent one is back in July of
>last year.
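
The quoted message describes two patterns on port 389: one source sweeping many addresses with bare SYNs, and one source probing a single DC. The following sketch separates them from firewall logs; it is an added example, not part of the original thread, and it assumes the probes are logged in netfilter LOG format. The addresses, the threshold and `ASSUMED_YEAR` are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: probes reach /var/log/messages as netfilter LOG lines.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r".*?\bPROTO=TCP\b.*?\bDPT=(?P<dpt>\d+)\b(?P<rest>.*)$")
ASSUMED_YEAR = 2000  # syslog timestamps carry no year; placeholder value

def parse(line, port=389):
    """Return (time, src, dst) for a bare SYN to `port`, else None."""
    m = LINE.match(line)
    if not m or int(m["dpt"]) != port:
        return None
    flags = set(re.findall(r"\b(SYN|ACK|RST|FIN|PSH|URG)\b", m["rest"]))
    if flags != {"SYN"}:  # SYN/ACK and the like are not scan probes
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"]

def classify(lines, window=timedelta(minutes=7), sweep_min=20):
    """Map each source to ('sweep' | 'targeted', max distinct targets per window)."""
    seen = defaultdict(list)
    for ts, src, dst in filter(None, map(parse, lines)):
        seen[src].append((ts, dst))
    verdict = {}
    for src, hits in seen.items():
        hits.sort()
        best, lo = 0, 0
        for hi in range(len(hits)):  # sliding time window over sorted hits
            while hits[hi][0] - hits[lo][0] > window:
                lo += 1
            best = max(best, len({d for _, d in hits[lo:hi + 1]}))
        verdict[src] = ("sweep" if best >= sweep_min else "targeted", best)
    return verdict

def sample():
    """Constructed log: one source sweeping 30 hosts, one hitting a single host."""
    fmt = ("Mar  3 09:{m:02d}:{s:02d} fw kernel: IN=eth0 OUT= SRC={src} DST={dst} "
           "LEN=40 PROTO=TCP SPT=40000 DPT={dpt} WINDOW=1024 RES=0x00 {fl} URGP=0")
    out = [fmt.format(m=10, s=i, src="192.0.2.10", dst=f"198.51.100.{i + 1}",
                      dpt=389, fl="SYN") for i in range(30)]
    one = dict(src="203.0.113.7", dst="198.51.100.5", dpt=389)
    out.append(fmt.format(m=25, s=0, fl="SYN", **one))
    out.append(fmt.format(m=25, s=1, fl="ACK SYN", **one))  # ignored: not bare SYN
    out.append(fmt.format(m=26, s=0, src="203.0.113.9", dst="198.51.100.5",
                          dpt=80, fl="SYN"))                # ignored: other port
    return out

if __name__ == "__main__":
    print(classify(sample()))
```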


