[Dshield] Microsoft ASN.1

Lauro, John jlauro at umflint.edu
Wed Feb 11 20:28:45 GMT 2004


Was based on discussion from several sources, including bugtraq.

No idea what the probe is going to look like.  It will depend on if
it's multi-vectored or not....

> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of Paul Marsh
> Sent: Wednesday, February 11, 2004 11:18 AM
> To: General DShield Discussion List
> Subject: RE: [Dshield] Microsoft ASN.1
> 
> 
> John:
> 
>   OK now I'm even more concerned >>>>80<<<<  
> 
>   Any idea what the probe is going to look like, where did 
> you find this info?
> 
> Thanx, Paul 
> 
> > -----Original Message-----
> > From: Lauro, John [mailto:jlauro at umflint.edu]
> > Sent: Wednesday, February 11, 2004 10:52 AM
> > To: General DShield Discussion List
> > Subject: RE: [Dshield] Microsoft ASN.1
> > 
> > >From what I read....  Far more then that...
> > 
> > Don't forget 80, 443, 220, 23 (yes, NTLM over telnet if you
> > run telnet server on windows), protocol 47 (VPN), etc...  And 
> > this still is still just scratching the surface of the list...
> > 
> > > -----Original Message-----
> > > From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On 
> > > Behalf Of Paul Marsh
> > > Sent: Wednesday, February 11, 2004 10:28 AM
> > > To: list at dshield.org
> > > Subject: [Dshield] Microsoft ASN.1
> > > 
> > > 
> > > I'm sure everyone has been reading the emails regarding 
> ASN.1.  I'm
> > > concerned that eEye is giving out way too much information. 
> >  I'm sure
> > > all the script kiddies are waiting with much anticipation
> > for someone
> > > (a real coder) to release the exploit in an easy to use
> > package.  From
> > > what I've read it looks like scanning should take place on
> > UDP/88 and
> > > TCP/135, 139 and 445.  I know this is premature but are
> > these the only
> > > port that are vulnerable?  Anyone what to take a guess as
> > to what the
> > > probes are going to look like?  And when?  I'd love to see
> > some of the
> > > underground chatter on this one. I'd like see how close the
> > blackhats
> > > are to creating a workable model.
> > > 
> > > Thanx, Paul
> > > 
> > > _______________________________________________
> > > list mailing list
> > > list at dshield.org
> > > To change your subscription options (or unsubscribe), see:
> > > http://www.dshield.org/mailman/listinfo/list
> > > 
> > 
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> > 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 




More information about the list mailing list