|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: UDP port 1026 probe?
From: James C Slora Jr (Jim.Slora
phra.com)
Date: Mon Apr 18 2005 - 10:59:43 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Kero-Chan III wrote Sunday, April 17, 2005 10:08 PM
> I saw a big increase in UDP packets sent to port 1026 (and 1027
occasionally)...
> $ nc -l -p 1026 -u -v
> listening on [any] 1026 ...
> 61.235.154.90: inverse host lookup failed: Unknown host connect to
[my.ip.addr] from
> (UNKNOWN) [61.235.154.90] 36240 (ø{ZÿÐ(c)²ÀO¶æüÿÿÿÿ{STOPALERT77STOP!
WINDOWS REQUIRES
> IMMEDIATE ATTENTION.
> Windows has found 47 Critical Errors.
> To fix the errors please do the following:
> 1. Download Registry Repair from: www.reg-patch.com 2. Install Registry
Repair 3. Run > Registry Repair 4. Reboot your computer FAILURE TO ACT NOW
MAY LEAD TO DATA LOSS AND > CORRUPTION!
> What is this? ICQ buffer overflow? Or something totally different?
This looks like just Messenger spam. It is designed to pop up a message on
the target's Windows desktop. The messages commonly promote malware
disguised as legitimate utilities. They send commonly these to any or all of
1025 through 1029, since Windows creates a listener on one of the low
dynamic ports. Usually I see an accompanying attempt against UDP 137 with
the same content.
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]