[Dshield] US-CERT advisory details H.323 vulns

Pete Cap peteoutside at yahoo.com
Thu Jan 15 15:03:38 GMT 2004


Greetings,
 
For the two or three listwatchers who /don't/ monitor US-CERT...
http://www.cert.org/advisories/CA-2004-01.html
H.323 = VoIP, videoconferencing, Session Initiation Protocol, Media Gateway Control Protocol, etc.
The vulnerabilities are related to SNMP vulns discovered in August 2002.
 
It's all in the brief.

The ports concerned are 1718, 1719, and 1720.
 
I took a look at DShield and noticed that all three ports have seen significantly elevated activity in the past few days...breakdown is as follows.
1. On the 11th, all ports saw significant spikes in the number of Sources.
2. On the 13th and 14th, saw a significant number of Records for ports 1718 and 1719, respectively. Expect port 1720 records to peak around 220 or so today.
3. No significant change in the number of targets.
 
Analysis:
Given that the number of targets has not changed much, it doesn't seem likely that very many entities are scanning for this service...however, there is elevated traffic and so I'm going to keep my eye on it just for grins.
 
Regards,
Pete

