[Dshield] MS04-007 exploit

Joseph Stahley 3rd jestahley3 at cox.net
Sun Feb 15 00:39:17 GMT 2004


Hmm looks like I got hammered with this exploit last nite (2-13) 9pm pst
when I got a lot of probes from ports 135 and 445,averaged 400 probes per
hour for about 3 hours then it died down to about 50, and finally about 10am
pst this morning it was down to 5 or 6 an hour. It appeared mostly  from
sites in asia (it would have been around 1pm or 2pm in some parts of asia).

Curious thing I live in San Diego, CA and got a lot of probing from Asia,
was wondering if you east coast guys will get this from europe based or asia
based ip addresses.

Joe

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Johannes B. Ullrich
Sent: Saturday, February 14, 2004 4:23 PM
To: list at dshield.org
Subject: [Dshield] MS04-007 exploit


just a quick note that a DOS exploit is out for the ASN vulnerability.
Works nicely. More will be posted to the diary at http://isc.sans.org
shortly.

This is the last warning to patch your systems. The exploit is not far from
"running arbitrary code". Looks like so far its mostly targeting port 445
tcp.

-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm





More information about the list mailing list