[Dshield] Where are they getting their information?

Joe Stewart jstewart at lurhq.com
Fri Jun 24 18:45:22 GMT 2005


On Friday 24 June 2005 02:18 pm, Fergie (Paul Ferguson) wrote:
> Actually, there already is:
>
> Microsoft Server Message Block (SMB) Remote Exploit (MS05-011)
> Date : 23/06/2005
> Rated: Critical
>
> http://www.frsirt.com/exploits/20050623.mssmb_poc.c.php

It wouldn't make sense to scan port 445 in anticipation of using this 
exploit. This code requires the attacker to act as an SMB server, not a 
client. And it's only a DoS at this point (system crash). And not a 
particularly reliable one.

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ http://www.lurhq.com/


More information about the list mailing list