Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » New Worms scanning on 1025 and others
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
My Computer is in bad shape »
« How to lock the Host File?  
AuthorAll Replies


NetWatchMan
Premium,VIP
join:2001-03-13
Alpharetta, GA

reply to ghost16825
Re: New Worms scanning on 1025 and others

said by ghost16825 See Profile:
Which RPC exploit is it?
Blake: My exact question too.

Everyone has been talking about this vector (tcp/1025) as an "RPC Exploit" but I haven't seen anyone discuss the specifics of the exploit and/or which MS patch is supposed to fix it.

Any idea?
--
Lawrence Baldwin
myNetWatchman
The Internet Neighborhood Watch
to forum · permalink · · 2004-06-05 08:14:33 · Reply to this

psloss
Premium
join:2002-02-24
Alpharetta, GA
said by NetWatchMan See Profile:
Everyone has been talking about this vector (tcp/1025) as an "RPC Exploit" but I haven't seen anyone discuss the specifics of the exploit and/or which MS patch is supposed to fix it.
Based on what it looks like, it's probably one of the DCOM exploits. Using port 1025 is one of the ports that Agobot tries to exploit this. But I haven't tried to determine whether the problem is MS03-026, MS03-039, or something that was covered in the cumulative MS04-012 patch in April.

It may be that this is the same vulnerability that Blaster exploited (MS03-026), except that tcp/1025 is less likely to be filtered by consumer ISPs than MSRPC the endpoint mapper port.

Philip Sloss
--
Feedback? e-mail: stuff@lupwa.org
to forum · permalink · · 2004-06-05 13:57:07 · Reply to this
Forums » Up and Running » Security » SecurityMy Computer is in bad shape »
« How to lock the Host File?  

Monday, 23-Nov 04:03:51 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [228] Weekend Open Thread
· [117] Verizon Again Hints At Metered Billing
· [98] There's Still No Evidence That Metered Billing Is Necessary
· [97] Will AOL's Implosion Ever End?
· [85] Spain Declares Broadband A Legal Right
· [75] Deploying FTTH Without Digging Things Up
· [74] Verizon To Be Tested By Unofficial Droid Tethering
· [74] Femtocells Are A No Show
· [67] Verizon To AT&T: The Truth Hurts
· [60] Chicago Tribune Visits 'Comcast University'
Most people now reading
· Best Bluray player [General Questions]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· Sealing air ducts [Home Repair & Improvement]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· TekSavvy Price Increase? [TekSavvy]
· MLPPP and MikroTik [TekSavvy]
· Review of Netgear DGN2000 ADSL/Wireless-N modem/router [Netgear]
· Opening a file download dialog from a JavaScript function. [Webmasters and Developers]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· GV dial with sipsorcery [VOIP Tech Chat]