lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4196625A.1080608@immunitysec.com>
From: dave at immunitysec.com (Dave Aitel)
Subject: TCP Port 42 port scans?  What the heck over...

Port 42 is WINS.EXE - there are at least 3 exploits circulating for it 
that I know of... For more information, check the advisory on our 
website which has detailed technical information. Currently, the only 
real solution is to disable the service.

(www.immunitysec.com)

thanks,
Dave Aitel
Immunity, Inc.

James Lay wrote:

>Here they be.  ODD.  Anyone else seeing this?
>
>Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0
>PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.1 LEN=40 TOS=0x00
>PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535
>RES=0x00 SYN URGP=0  
>Dec 13 06:41:49 gateway kernel: Web1 drops:IN=br0 OUT=br0 PHYSIN=eth1
>PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.18.1 LEN=40 TOS=0x00 PREC=0x00
>TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN
>URGP=0  
>Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0
>PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.4 LEN=40 TOS=0x00
>PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535
>RES=0x00 SYN URGP=0  
>Dec 13 06:41:49 workbox kernel: IN=eth0 OUT=
>MAC=00:60:97:a5:76:36:00:10:7b:90:bc:30:08:00 SRC=131.252.116.141
>DST=10.1.200.10 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP
>SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0 
>Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0
>PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.7 LEN=40 TOS=0x00
>PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535
>RES=0x00 SYN URGP=0  
>Dec 13 06:41:49 gateway kernel: X12 drops:IN=br0 OUT=br0 PHYSIN=eth1
>PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.14 LEN=40 TOS=0x00 PREC=0x00
>TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN
>URGP=0  
>Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0
>PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.2 LEN=40 TOS=0x00
>PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535
>RES=0x00 SYN URGP=0  
>Dec 13 06:41:49 gateway kernel: Htpedi drops:IN=br0 OUT=br0 PHYSIN=eth1
>PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.17 LEN=40 TOS=0x00 PREC=0x00
>TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN
>URGP=0  
>Dec 13 06:41:49 gateway kernel: Edirecall drops:IN=br0 OUT=br0 PHYSIN=eth1
>PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.12 LEN=40 TOS=0x00 PREC=0x00
>TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN
>URGP=0 
>
>
>
>James Lay
>Network Manager/Security Officer
>AmeriBen Solutions/IEC Group
>Deo Gloria!!!
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ