[Dshield] MS Term Services
David.Watson at ioko.com
Wed Sep 3 13:37:40 GMT 2003
Could be related to the recent release of TSGrinder?
David Watson Voice: +44 1904 438000
Technical Architect Fax: +44 1904 435450
Ioko365 Email: david.watson at ioko.com
> -----Original Message-----
> From: Coxe, John B. [mailto:JOHN.B.COXE at saic.com]
> Sent: 03 September 2003 00:30
> To: Dshield List (E-mail)
> Subject: [Dshield] MS Term Services
> Noticed a huge ramp up today in the port 3389 hits. The peak so far
> at incidents.org and dshield.org is comparable to the one a month ago.
> However, the targets/sources ratio is around 1300, markedly higher
> normal (10-20) and about double the case a month ago when it was high.
> might suspect this is an attempt to find seed systems for a 9/11 DoS
> SoBig expires 9/10 and the next launch is expected on 9/11. The
> seems to be practically exclusively Italy right now.
> The vulnerability I know about goes back to NT4 in '99, before y2k.
> doesn't support NT4 anymore, but the hot fix may still be available
> them. Nonetheless, anyone irresponsible enough to be running a system
> has a 4 year old vulnerability like that isn't hunting down hot fixes.
> Anyone know of any recent exploits against terminal services under W2K
> and/or WXP?