|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Exploit for Windows RPC may be in the wild!
From: Sumit (scorpio_chaser
yahoo.co.uk)
Date: Tue Jul 29 2003 - 06:47:17 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Does any one have working Exploit for "[NT] Buffer Overrun in RPC
Interface Could Allow Code Execution"
To be Specific Win NT 4.0
With Regard,
Sc0rPiO
"Nature knows no indecencies; man invents them."
-----Original Message-----
From: James C. Slora, Jr. [mailto:Jim.Sloraphra.com]
Sent: Monday, July 28, 2003 11:46 PM
To: incidentssecurityfocus.com
Subject: RE: Exploit for Windows RPC may be in the wild!
tEA-TiME wrote Sunday, July 27, 2003 6:34 PM
> There could be another explanation for the flow of traffic to port
135. Many
> programs being released now for using the NET SEND command to
advertise,
> come with a built in "scanner" to see if the host is active beore
wasting
> the time sending the whole message. Some of these software makers also
> suggest getting a port scanner and just scanning ports 135, 137, 138,
139,
> and 445 to see if a host is running and accepting NET messages.
Yes many could be messenger spam probes. I've seen a marked increase in
TCP 135 scanning over the past week, though. And I'm getting new scan
combos (TCP 135 and 445 with no other ports) that strongly suggest RPC
probing rather than messenger spam.
------------------------------------------------------------------------
---
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]