[Intrusions] Port Scanning on 1026 & 1027
Andrew Daviel
andrew at andrew.triumf.ca
Wed Sep 7 01:25:41 GMT 2005
On Thu, 28 Jul 2005, Smith, Donald wrote:
> I believe your correct re: xpsp2 but there are TONS of other windows systems out there.
> Old exploits continue to be used because they work:)
Just got back from vacation ...
A colleague reports a Windows worm on August 25th identified as
"Hacktool" by Symantec
My network logs (300 bytes/packets or so) include a messenger packet
around the time of the worm infection. This could of course
be a total coincidence ... there is an ICMP packet saying the port was
closed.
"SYSTEM ALERT .. STOP! WINDOWS REQUIRES IMMEDIATE
ATTENTION Windows has found 47 CRITICAL SYSTEM ERRORS! To fix the
erro....."
Seeing as this arrived at 2am local I don't think a user would have
clicked "OK"
Is there anything exploiting these ports now, apart from just spam ?
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
security at triumf.ca
More information about the Intrusions
mailing list