Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: LDAP Scan increase. Win98 ASN.1 patch, MyDoom Remover, Win98 free update CD SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
LDAP Scan increase. Win98 ASN.1 patch, MyDoom Remover, Win98 free update CD
LDAP scan increase
We are seeing a significant increase in scans for port 389. This port is
associated with LDAP. LDAP is used by a variety of different systems,
in particular Windows active directory. At this point, it is not clear
what these scans are attempting to accomplish. If you have any information,
in particular FULL PACKET CAPTURES (not just firewall logs), let us know.
The increase in port 389 scans is believed to be due to a new exploit
against the iMail LDAP server. The exploit has been posted here:
Windows 98 ASN.1 Patch

Readers reported to our handlers team that Microsoft is distributing a patch
for the ASN.1 issue to Windows 98 users per request. If you are running Windows
98, contact your Microsoft representative for the location of the patch.

As reported earlier, the ASN.1 advisory MS04-007 only covers newer versions of
Windows. Windows 98 is however still vulnerable.

Workaround: you may want to consider renaming or removing msasn1.dll. However, please test this fix carefully as it may break some software.

Careful! Do not trust any patches sent via e-mail.

MyDoom Remover release via Windows Update

Currently, Microsoft is offering a MyDoom virus remover via its Windows Update service.

Free Windows Patch CD

Microsoft offers a free patch CD for all currently supported versions of windows.
You can order a CD here:

Johannes Ullrich, SANS Institute

I will be teaching next: Defending Web Applications Security Essentials - SANS Cyber Security West: March 2021


4068 Posts
ISC Handler
Feb 23rd 2004

Sign Up for Free or Log In to start participating in the conversation!