
SANS ISC: Mystery port 3072 and MS04-22 Exploit code available - SANS Internet Storm Center SANS ISC InfoSec Forums


Mystery port 3072 and MS04-22 Exploit code available
TCP Port 3072

Another handler pointed out to me some interesting traffic over the past 3 days on TCP port 3072. See the DShield report at http://www.dshield.org/port_report.php?port=3072&recax=1&tarax=2&srcax=2&percent=N&days=170. After searching for a while I could not find any conclusive information about what may have been going on with this port. If anyone has some thoughts or some traffic from a honeypot on this port, it would be useful.



MS04-22 Exploit code available

A few sources have made publicly available exploit code targeted at the vulnerability addressed by Microsoft's patch released earlier this month, MS04-22: http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx

The samples I have seen so far are predominantly proof-of-concept tools and don't do anything malicious.



T. Brian Granier

Handler on Duty