[Dshield] MS04-007 exploit

Joseph Stahley 3rd jestahley3 at cox.net
Sun Feb 15 00:39:17 GMT 2004

Hmm looks like I got hammered with this exploit last nite (2-13) 9pm pst
when I got a lot of probes from ports 135 and 445,averaged 400 probes per
hour for about 3 hours then it died down to about 50, and finally about 10am
pst this morning it was down to 5 or 6 an hour. It appeared mostly  from
sites in asia (it would have been around 1pm or 2pm in some parts of asia).

Curious thing I live in San Diego, CA and got a lot of probing from Asia,
was wondering if you east coast guys will get this from europe based or asia
based ip addresses.


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Johannes B. Ullrich
Sent: Saturday, February 14, 2004 4:23 PM
To: list at dshield.org
Subject: [Dshield] MS04-007 exploit

just a quick note that a DOS exploit is out for the ASN vulnerability.
Works nicely. More will be posted to the diary at http://isc.sans.org

This is the last warning to patch your systems. The exploit is not far from
"running arbitrary code". Looks like so far its mostly targeting port 445

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm

More information about the list mailing list