Ipswitch iMail LDAP Exploit Correlation
The packet captures we've received have allowed us to correlate the increase in port 389 scanning as activity from a recently released exploit tool against the Ipswitch iMail LDAP server.
We were unable to get in touch with Ipswitch to comment on this vulnerability. Ipswitch customers using the iMail LDAP server are advised to implement filtering on port 389 until a patch is made available.
Port 3991 Captures Request
We have seen a spike in activity over the past few days on port 3991. We are looking for more full packet captures of this activity. Please compress files and send as attachments to email@example.com.
--Joshua Wright/Handler on Duty
Feb 23rd 2004
1 decade ago