[Dshield] shellcode detect on port 135
mike.blomgren at secode.com
Thu Aug 21 15:11:37 GMT 2003
No offense intended. 'Cry Wolf' was maybe a bit harsh wording from my
point... Using NOOP's as 'Shellcode detection' is just a very common
source of false positives.
Judging by the packet trace in the previous e-mails, there is an attempt
to access a file on an administrative share:
C$\123456111111111111111.doc, represented in unicode.
And searching for the string '123456111111111111111' on Google turns
up "LSD's Buffer Overrun in Windows RPC Interface". Sounds like a problem
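An added example, not part of the original post: a small triage helper contrasting a NOP-run rule with a content match on the file path quoted in the message. It assumes "unicode" means UTF-16LE on the wire; the 16-byte NOP threshold, the function names, the `EXAMPLE` host and both sample payloads are constructed for illustration.

```python
import re

# Path quoted in the post. Assumption: "unicode" on the wire is UTF-16LE.
MARKER = r"C$\123456111111111111111.doc"
MARKER_UTF16 = MARKER.encode("utf-16-le")

# Naive "shellcode" rule: a run of 0x90 bytes (threshold of 16 is an assumption).
NOP_RUN = re.compile(rb"\x90{16,}")


def nop_rule(payload: bytes) -> bool:
    """True when the payload contains a long run of 0x90 bytes."""
    return NOP_RUN.search(payload) is not None


def marker_rule(payload: bytes) -> bool:
    """True when the UTF-16LE path appears at any offset, ignoring ASCII case."""
    return MARKER_UTF16.lower() in payload.lower()


def triage(payload: bytes) -> str:
    """Rank a port-135 payload: the specific path outranks a bare NOP run."""
    if marker_rule(payload):
        return "marker"    # specific indicator from the packet trace
    if nop_rule(payload):
        return "nop-only"  # weak signal on its own, needs corroboration
    return "clean"


# Constructed samples (not captured traffic).
# BENIGN: binary data that happens to contain 0x90 padding.
BENIGN = b"\x05\x00\x0b\x03" + b"\x90" * 64 + b"\x00" * 8
# SUSPECT: UNC path to the administrative share, UTF-16LE, upper-cased.
SUSPECT = b"\x05\x00\x00\x03" + ("\\\\EXAMPLE\\" + MARKER.upper()).encode("utf-16-le")

if __name__ == "__main__":
    for name, data in (("BENIGN", BENIGN), ("SUSPECT", SUSPECT)):
        print(name, "nop:", nop_rule(data), "marker:", marker_rule(data), "->", triage(data))
```

The NOP rule fires only on the benign sample, while the path match fires only on the payload carrying the share path.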