Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Increase in Port 1025 scan - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Increase in Port 1025 scan
We have received a report on TCP port 1025 scan. David has observed an increase in port 1025 scan and submitted some packet captures to us. From the captured packet, it contains a request to interface UUID: 906b0ce0-c70b-1067-b317-00dd010662da and BuildContextW (opnum 7) RPC function. Part of the packet payload resembles the MSDTC exploit. This appears to be exploiting MS05-051 vulnerability as described in eEye advisory. If you have seen similar observation, do drop us a note.
Koon Yaw

68 Posts

Sign Up for Free or Log In to start participating in the conversation!