[Dshield] port 1026-1031 update

Chris Brenton cbrenton at chrisbrenton.org
Tue Dec 2 01:33:02 GMT 2003

Howdy Bill,

On Mon, 2003-12-01 at 19:41, Bill McCarty wrote:
> the rate 
> of increase seems exponential at the moment: In the ensuing couple of hours 
> since my earlier message, the number of targets in my own network has 
> almost doubled, increasing from 7 to 12.

Oh joy. Sounds like we have (yet another) RPC/DCOM/etc. exploit running
around. It could be pop-up ad stuff, but it just does not feel that way.
Did I hear you correctly in that the initial packets had no payload? If
so, we have two possibles:

1) Probe that will be followed by a real attack if no response is

2) Weirdness in the header info

I've setup a honeypot to try and capture some data, but given I've seen
very little of this traffic so far I'm not sure how long it will take.


More information about the list mailing list