[Dshield] US-CERT advisory details H.323 vulns

Pete Cap peteoutside at yahoo.com
Thu Jan 15 17:33:50 GMT 2004

Info regarding the vulnerabilites was already mirrored in the handler's diary on 13th January.  Disregard.  The analysis, however, stands :)


Pete Cap <peteoutside at yahoo.com> wrote:

For the two or three listwatchers who /don't/ monitor US-CERT...
H.323 = VoIP, videoconferencing, Session Initiation Protocol, Media Gateway Control Protocol, etc.
The vulnerabilities are related to SNMP vulns discovered in August 2002.

It's all in the brief.

The ports concerned are 1718, 1719, and 1720.

I took a look at DShield and noticed that all three ports have seen significantly elevated activity in the past few days...breakdown is as follows.
1. On the 11th, all ports saw significant spikes in the number of Sources.
2. On the 13th and 14th, saw a significant number of Records for ports 1718 and 1719, respectively. Expect port 1720 records to peak around 220 or so today.
3. No significant change in the number of targets

Given that the number of targets has not changed much, it doesn't seem likely that very many entities are scanning for this service...however, there is elevated traffic and so I'm going to keep my eye on it just for grins.


Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes

More information about the list mailing list