[Dshield] MS Term Services

David Watson David.Watson at ioko.com
Wed Sep 3 13:37:40 GMT 2003


Could be related to the recent release of TSGrinder?

David Watson           Voice: +44 1904 438000
Technical Architect    Fax:   +44 1904 435450
Ioko365       Email: david.watson at ioko.com

> -----Original Message-----
> From: Coxe, John B. [mailto:JOHN.B.COXE at saic.com]
> Sent: 03 September 2003 00:30
> To: Dshield List (E-mail)
> Subject: [Dshield] MS Term Services
> Noticed a huge ramp up today in the port 3389 hits.  The peak so far
> at incidents.org and dshield.org is comparable to the one a month ago.
> However, the targets/sources ratio is around 1300, markedly higher
> normal (10-20) and about double the case a month ago when it was high.
> One might suspect this is an attempt to find seed systems for a 9/11 DoS
> attack.
> SoBig expires 9/10 and the next launch is expected on 9/11.  The
> seems to be practically exclusively Italy right now.
> The vulnerability I know about goes back to NT4 in '99, before y2k.
> doesn't support NT4 anymore, but the hot fix may still be available
> them.  Nonetheless, anyone irresponsible enough to be running a system
> that has a 4 year old vulnerability like that isn't hunting down hot fixes.
> Anyone know of any recent exploits against terminal services under W2K
> and/or WXP?