[Dshield] Port 135

Patrick Andry pandry at wolverinefreight.ca
Wed Oct 16 12:00:23 GMT 2002


Too arbitrary.  This could easily result in a DoS attack using your IDS 
tool.

Jon R. Kibler wrote:

>You know, a public domain version of this tool, used to send text-only messages, could be quite useful!
>
>Q: What is the biggest problem we have dealing with infected systems? 
>A: Contacting the actual admin of the system. 
>
>Thus, my idea:
>Almost any system insecure enough to be infected by Nimda, SQLSnake, etc. is probably insecure enough to have Port 135 open. Therefore, we could take a public domain version of the spam tool described in this article, integrate it into our IDSes, and when we get hit by an infected system, blast back to the system console a Pop-Up Message along the lines of "Hey dummy, your system is infected by [insert parasite name]. How about doing a better job of securing your systems?". At least they would then know that someone knows about the infected system!
>
>Just a thought... a little perverse thought maybe, but a thought just the same.
>
>Jon Kibler
>A.S.E.T., Inc.
>Charleston, SC  USA
>
>Roger wrote:
>
>>Getting suspicious hits on port 135?  This may explain it.  A new breed
>>of spam slam.
>>
>>http://www.wired.com/news/technology/0,1282,55795,00.html