Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Mystery port 3072 and MS04-22 Exploit code available SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Mystery port 3072 and MS04-22 Exploit code available
TCP Port 3072

Another handler pointed out to me some interesting traffic over the past 3 days on TCP port 3072. See the DShield report at After searching for a while I could not find any conclusive information about what may have been going on with this port. If anyone has some thoughts or some traffic from a honeypot on this port, it would be useful.

MS04-22 Exploit code available

A few sources have made publicly available exploit code targetted at the vulnerability addressed by Microsoft's patch released earlier this month MS04-22:

The samples I have seen so far are predominantly proof of concept tools and don't do anything malicious.

T. Brian Granier

Handler on Duty

22 Posts
Aug 1st 2004

Sign Up for Free or Log In to start participating in the conversation!