[Dshield] MS04-007 exploit

Joseph Stahley 3rd jestahley3 at cox.net
Sun Feb 15 02:27:35 GMT 2004

Seeing jump in 135 and 445 as of right now..was down to 5 probes an hour
after reaching peak of 400 last night..as of 6pm pst tonite it's back up to
60 probes per hour..Mind you I have a linksys befsr41 router, and 1 win2k
pro and 1 winxp pro machine, not running IIS server on any of them, netbios
disabled over tcp/ip and no ms file or print sharing on what so ever., all
patches on and all virus up2date and It looks like I'm starting to get
hammered again. Noteables tonight are ameritech.net, swbell.net,
pacbell.net,cox.net, and rr.com . 


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Jim Race
Sent: Saturday, February 14, 2004 5:37 PM
To: General DShield Discussion List
Subject: Re: [Dshield] MS04-007 exploit

Johannes B. Ullrich wrote:

> just a quick note that a DOS exploit is out for the ASN vulnerability.
> Works nicely. More will be posted to the diary at http://isc.sans.org 
> shortly.
> This is the last warning to patch your systems. The exploit is not far 
> from "running arbitrary code". Looks like so far its mostly targeting 
> port 445 tcp.


I noted that both 139 and 445 were considered likely entry vectors. Are you
guys seeing a corresponding rise in the dshield log submissions? I ask,
because I don't see that in your graphs...


list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list