republican-creole
site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > New Worms scanning on 1025 and others

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies


NetWatchMan
Premium,VIP
join:2001-03-13
Alpharetta, GA

reply to ghost16825

Re: New Worms scanning on 1025 and others

said by ghost16825:
Which RPC exploit is it?
Blake: My exact question too.

Everyone has been talking about this vector (tcp/1025) as an "RPC Exploit" but I haven't seen anyone discuss the specifics of the exploit and/or which MS patch is supposed to fix it.

Any idea?
--
Lawrence Baldwin
myNetWatchman
The Internet Neighborhood Watch
to forum · permalink · 2004-06-05 08:14:33 ·

psloss
Premium
join:2002-02-24
Alpharetta, GA

said by NetWatchMan:
Everyone has been talking about this vector (tcp/1025) as an "RPC Exploit" but I haven't seen anyone discuss the specifics of the exploit and/or which MS patch is supposed to fix it.
Based on what it looks like, it's probably one of the DCOM exploits. Using port 1025 is one of the ports that Agobot tries to exploit this. But I haven't tried to determine whether the problem is MS03-026, MS03-039, or something that was covered in the cumulative MS04-012 patch in April.

It may be that this is the same vulnerability that Blaster exploited (MS03-026), except that tcp/1025 is less likely to be filtered by consumer ISPs than MSRPC the endpoint mapper port.

Philip Sloss
--
Feedback? e-mail: stuff@lupwa.org
to forum · permalink · 2004-06-05 13:57:07 ·
Forums > Broadband Tech > Security > Security

Monday, 04-Jun 09:55:32 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics