[Dshield] MS Term Services

David Watson David.Watson at ioko.com
Wed Sep 3 13:37:40 GMT 2003


John,

Could be related to the recent release of TSGrinder?

http://www.hammerofgod.com/download/tsgrinder-2.03.zip

Thanks,

David

David Watson           Voice: +44 1904 438000
Technical Architect    Fax:   +44 1904 435450
Ioko365       Email: david.watson at ioko.com
 

> -----Original Message-----
> From: Coxe, John B. [mailto:JOHN.B.COXE at saic.com]
> Sent: 03 September 2003 00:30
> To: Dshield List (E-mail)
> Subject: [Dshield] MS Term Services
> 
> Noticed a huge ramp up today in the port 3389 hits.  The peak so far
today
> at incidents.org and dshield.org is comparable to the one a month ago.
> However, the targets/sources ration is around 1300, markedly higher
than
> normal (10-20) and about double the case a month ago when it was high.
> One
> might suspect this is an attempt to find seed systems for a 9/11 DoS
> attack.
> SoBig expires 9/10 and the next launch is expected on 9/11.  The
target
> seems to be practically exclusively Italy right now.
> 
> The vulnerability I know about goes back to NT4 in '99, before y2k.
M$
> doesn't support NT4 anymore, but the hot fix may still be available
from
> them.  Nonetheless, anyone irresponsible enough to be running a system
> that
> has a 4 year old vulnerability like that isn't hunting down hot fixes.
> Anyone know of any recent exploits against terminal services under W2K
> and/or WXP?
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list