Increase in Port 1025 scan
We have received a report on TCP port 1025 scan. David has observed an increase in port 1025 scan and submitted some packet captures to us. From the captured packet, it contains a request to interface UUID: 906b0ce0-c70b-1067-b317-00dd010662da and BuildContextW (opnum 7) RPC function. Part of the packet payload resembles the MSDTC exploit. This appears to be exploiting MS05-051 vulnerability as described in eEye advisory. If you have seen similar observation, do drop us a note.
Keywords:
0 comment(s)
×
Diary Archives
Comments