Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Increase in Port 1025 scan SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Increase in Port 1025 scan
We have received a report on TCP port 1025 scan. David has observed an increase in port 1025 scan and submitted some packet captures to us. From the captured packet, it contains a request to interface UUID: 906b0ce0-c70b-1067-b317-00dd010662da and BuildContextW (opnum 7) RPC function. Part of the packet payload resembles the MSDTC exploit. This appears to be exploiting MS05-051 vulnerability as described in eEye advisory. If you have seen similar observation, do drop us a note.
Koon Yaw

68 Posts
Dec 10th 2005

Sign Up for Free or Log In to start participating in the conversation!