Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-07-31 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Mystery port 3072 and MS04-22 Exploit code available

Published: 2004-07-31
Last Updated: 2004-08-01 18:50:47 UTC
by Brian Granier (Version: 1)
0 comment(s)
TCP Port 3072

Another handler pointed out to me some interesting traffic over the past 3 days on TCP port 3072. See the DShield report at http://www.dshield.org/port_report.php?port=3072&recax=1&tarax=2&srcax=2&percent=N&days=170. After searching for a while I could not find any conclusive information about what may have been going on with this port. If anyone has some thoughts or some traffic from a honeypot on this port, it would be useful.



MS04-22 Exploit code available

A few sources have made publicly available exploit code targetted at the vulnerability addressed by Microsoft's patch released earlier this month MS04-22: http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx

The samples I have seen so far are predominantly proof of concept tools and don't do anything malicious.



T. Brian Granier

Handler on Duty
Keywords:
0 comment(s)
Diary Archives