[Dshield] Port 135
pandry at wolverinefreight.ca
Wed Oct 16 12:00:23 GMT 2002
Too arbitrary. This could easily result in a DOS attack using your ids
Jon R. Kibler wrote:
>You know, a public domain version of this tool, used to send text-only messages, could be quite useful!
>Q: What is the biggest problem we have dealing with infected systems?
>A: Contacting the actual admin of the system.
>Thus, my idea:
>Almost any system insecure enough to be infected by Nimda, SQLSnake, etc. is probably insecure enough to have Port 135 open. Therefore, we could take a public domain version of the spam tool described in this article, integrate it into our IDSes, and when we get hit by an infected system, blast back to the system console a Pop-Up Message along the lines of "Hey dummy, your system is infected by [insert parasite name]. How about doing a better job of securing your systems?". At least would would then know that someone knows about the infected system!
>Just a thought... a little perverse thought maybe, but a thought just the same.
>Charleston, SC USA
>>Getting suspicious hits on port 135? This may explain it. A new breed
>>of spam slam.
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list