Ipswitch iMail LDAP Exploit Correlation
The packet captures we've received have allowed us to correlate the increase in port 389 scanning with activity from a recently released exploit tool against the Ipswitch iMail LDAP server. We were unable to get in touch with Ipswitch to comment on this vulnerability. Ipswitch customers using the iMail LDAP server are advised to implement filtering on port 389 until a patch is made available.

Port 3991 Captures Request
We have seen a spike in activity over the past few days on port 3991. We are looking for more full packet captures of this activity. Please compress files and send as attachments to handlers@sans.org.

--Joshua Wright/Handler on Duty
Feb 23rd 2004