Last Updated: 2005-06-26 12:01:17 UTC
by Pedro Bueno (Version: 1)
We received some reports about spikes on port 10000. The main reason for that is the release of the exploit for Veritas, and used by the Metasploit Framework, as Marc wrote in yesterday´s diary.
An excerpt of the exploit is bellow:
'RHOST' => [1, 'ADDR', 'The target address'],
'RPORT' => [1, 'PORT', 'The target port', 10000],
One of our readers also sent an interesting note about the usage of the new Veritas Exploit:"...So, it seems this exploit is crashing the service listening on port 10000. If sysadmins know they have backup exec installed and they scan the system they will see port 6101 and 10000 normally. After the exploit it will show only the port 6101 still listening."
Geek Wall art
I would like to thank all SANS ISC readers that sent some really interesting(and funny) ideas for Marc´s request in yesterday´s diary!
Bellow is a collection of links and posters ideas: (Thanks guys, and...I want to believe too...)
3- Mural of AOL CD's
7- BOFH material - "yea that one caught the .308 virus... pretty near killed the operator. We're installing kevlar CPU cases next week."
10- http://opte.prolexic.com (own network maps)
11- "The Cognitive Style of Powerpoint"
On my own room, I have SANS roadmap posters, Foundry IPv6 poster, Tripwire vulnerability Matrix posters and, the best soccer team in South America(ok, thats my opinion), Flamengo.
Portuguese Language Community
This week I received a link of a website about security in Portuguese language , it is called Linha Defensiva ( http://linhadefensiva.uol.com.br/ ). I would suggest you a try, if you can understand portuguese.
Another one for the Brazilian community, I will be presenting SANS ISC in a conference in Sao Paulo, from the Brazilian Network Security Workgroup, on July 5th ( http://eng.registro.br/gts/ ).
Handler on Duty: Pedro Bueno cGJ1ZW5vQGlzYy5zYW5zLm9yZw==
Please choose a specific diary above to comment