Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-07-31 InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Mystery port 3072 and MS04-22 Exploit code available

Published: 2004-07-31
Last Updated: 2004-08-01 18:50:47 UTC
by Brian Granier (Version: 1)
0 comment(s)
TCP Port 3072

Another handler pointed out to me some interesting traffic over the past 3 days on TCP port 3072. See the DShield report at After searching for a while I could not find any conclusive information about what may have been going on with this port. If anyone has some thoughts or some traffic from a honeypot on this port, it would be useful.

MS04-22 Exploit code available

A few sources have made publicly available exploit code targetted at the vulnerability addressed by Microsoft's patch released earlier this month MS04-22:

The samples I have seen so far are predominantly proof of concept tools and don't do anything malicious.

T. Brian Granier

Handler on Duty
0 comment(s)
Diary Archives