Port 42, New Old Patch, Scams

Published: 2005-01-19
Last Updated: 2005-01-20 01:30:26 UTC
by Michael Haisley (Version: 1)
0 comment(s)
We have been seeing a lot of user reports of activity on port 42, although we don't seem to have any reports of what specifically is causing it. We would really like to receive additional reports from systems receiving or originating high port 42 traffic.

This traffic appears to have spiked on the 13th or so, but is maintaining higher than normal levels, and so is still interesting. A good suggestion might be to disable port 42 if you are not running WINS.
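To find out which of your systems are receiving or originating port 42 traffic, and on which days, a firewall log can be tallied as in the following added example (not part of the original diary). It assumes netfilter-style LOG lines and uses the documentation range 192.0.2.0/24 as a stand-in for the local network; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

WATCH_PORT = 42
# Assumption: 192.0.2.0/24 (a documentation range) stands in for your own network.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample in netfilter LOG style; real lines carry more fields.
SAMPLE_LOG = """\
Jan 12 23:58:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3301 DPT=42 SYN
Jan 13 02:10:44 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3302 DPT=42 SYN
Jan 13 02:10:45 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=4410 DPT=42 SYN
Jan 13 02:10:46 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 LEN=48 PROTO=TCP SPT=4411 DPT=42 SYN
Jan 13 09:31:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.23 DST=198.51.100.99 LEN=48 PROTO=TCP SPT=1188 DPT=42 SYN
Jan 13 09:40:17 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=4412 DPT=80 SYN
Jan 14 11:05:30 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=2040 DPT=42 SYN
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s.*?\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r"\s.*?\bPROTO=(?P<proto>\w+)\s+SPT=\d+\s+DPT=(?P<dpt>\d+)"
)

def port42_summary(log_text, local_net=LOCAL_NET, port=WATCH_PORT):
    """Return (hits per day, local hosts receiving, local hosts originating)."""
    per_day, receiving, originating = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) != port:
            continue  # unparsable line or a different destination port
        per_day[f"{m['mon']} {int(m['day']):02d}"] += 1
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if dst in local_net:
            receiving[str(dst)] += 1      # a local host is the target
        if src in local_net:
            originating[str(src)] += 1    # a local host is sending to port 42
    return per_day, receiving, originating

if __name__ == "__main__":
    days, rx, tx = port42_summary(SAMPLE_LOG)
    print("port 42 hits per day:", dict(days))
    print("local hosts receiving:", dict(rx))
    print("local hosts originating:", dict(tx))
```

A local host that shows up as originating port 42 traffic and is not a WINS server is the kind of system worth a closer look and a report.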

It looks like Microsoft is going to update MS04-038. If it is in fact updated, keep in mind that it was a critical vulnerability, so you should check your systems regardless of the press that Microsoft gives the update. Note that the 2004 date in the link appears to be a typo.

More details can be found at http://www.ngssoftware.com/advisories/msinsengfull.txt

We seem to be seeing more sophisticated phishing sites and attempts from multiple sources on a more routine basis. With that in mind, and given that most solutions are non-technical in nature, what I would really like to know is: what are you doing to educate your users? If not education, how do you protect against phishing sites?

Michael Haisley mhaisley@isc.sans.org
SANS Internet Storm Center Incident Handler