Mystery port 3072 and MS04-22 Exploit code available

Published: 2004-07-31
Last Updated: 2004-08-01 18:50:47 UTC
by Brian Granier (Version: 1)

TCP Port 3072

Another handler pointed out to me some interesting traffic over the past 3 days on TCP port 3072. See the DShield report at After searching for a while I could not find any conclusive information about what may have been going on with this port. If anyone has some thoughts or some traffic from a honeypot on this port, it would be useful.

MS04-22 Exploit code available

A few sources have made publicly available exploit code targeted at the vulnerability addressed by Microsoft's patch released earlier this month, MS04-22:

The samples I have seen so far are predominantly proof of concept tools and don't do anything malicious.

T. Brian Granier

Handler on Duty
