[Dshield] Where are they getting their information?
jstewart at lurhq.com
Fri Jun 24 18:45:22 GMT 2005
On Friday 24 June 2005 02:18 pm, Fergie (Paul Ferguson) wrote:
> Actually, there already is:
> Microsoft Server Message Block (SMB) Remote Exploit (MS05-011)
> Date : 23/06/2005
> Rated: Critical
It wouldn't make sense to scan port 445 in anticipation of using this
exploit. This code requires the attacker to act as an SMB server, not a
client. And it's only a DoS at this point (system crash). And not a
particularly reliable one.
Joe Stewart, GCIH
Senior Security Researcher
More information about the list