[Intrusions] Port Scanning on 1026 & 1027

mdwyer at timestreamtech.com mdwyer at timestreamtech.com
Thu Jul 28 19:03:16 GMT 2005


Ah, but who watches the Watchmen?  Today's handler's diary recommends that
you patch up your Ethereal to prevent IT from being an avenue for attack.

"Upgrade to 0.10.12. Right now! Or at least before you need to use
ethereal again. Due to the severity and scope of the defects that have
been discovered, no workaround is available."
http://www.ethereal.com/appnotes/enpa-sa-00020.html


> If you truly are worried about this port scanning, just run a sniffer like
> Ethereal and see what's actually happening. Could be nothing, could be
> something.
>
> Good luck.
>
>
> Cheers,
>
> Dan Parmelee
>
> -----Original Message-----
> From: intrusions-bounces at lists.sans.org
> [mailto:intrusions-bounces at lists.sans.org] On Behalf Of Smith, Donald
> Sent: Thursday, July 28, 2005 10:58 AM
> To: Intrusions List (GCIA Practicals); Intrusions List (GCIA Practicals)
> Subject: Re: [Intrusions] Port Scanning on 1026 & 1027
>
> I believe your correct re: xpsp2 but there are TONS of other windows
> systems
> out there.
> Old exploits continue to be used because they work:)
>
>
> donald.smith at qwest.com giac
>
> ________________________________
>
> From: intrusions-bounces at lists.sans.org on behalf of Dan Parmelee
> Sent: Wed 7/27/2005 5:05 PM
> To: 'Intrusions List (GCIA Practicals)'
> Subject: Re: [Intrusions] Port Scanning on 1026 & 1027
>
>
>
> If I recall correctly, the Messenger service is disabled by default in XP
> SP2 so why are they even wasting their time? I still stand by my
> "MessengerDisable" utility.
>
>
> Cheers,
>
> Dan Parmelee
>
> -----Original Message-----
> From: intrusions-bounces at lists.sans.org
> [mailto:intrusions-bounces at lists.sans.org] On Behalf Of Smith, Donald
> Sent: Wednesday, July 27, 2005 2:02 PM
> To: Intrusions List (GCIA Practicals)
> Subject: Re: [Intrusions] Port Scanning on 1026 & 1027
>
> An increase in scanning on those ports is noticeable here.
> http://isc.sans.org/port_details.php?port=1026
> http://isc.sans.org/port_details.php?port=1027
>
> Its not a huge increase but has an upward trend.
>
>
> Donald.Smith at qwest.com giac
>
>> -----Original Message-----
>> From: intrusions-bounces at lists.sans.org
>> [mailto:intrusions-bounces at lists.sans.org] On Behalf Of Tony Tomasello
>> Sent: Tuesday, July 26, 2005 1:15 PM
>> To: intrusions at lists.sans.org
>> Subject: [Intrusions] Port Scanning on 1026 & 1027
>>
>>
>> Guys,
>>
>> I have noticed a tremendous amount of scanning on ports 1026 and 1027.
>> Not sure if you all have been experiencing the same. Is this something
>> that I should be concerned about ?
>>
>> Thanks,
>> Tony T.
>>
>>
>> _______________________________________________
>> Intrusions mailing list
>> Intrusions at lists.sans.org
>> http://www.dshield.org/mailman/listinfo/intrus> ions
>>
>
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
>
>
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>




More information about the Intrusions mailing list