Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 1025/6000 Action (Part II) - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 1025/6000 Action (Part II)

As reported by Koon Tan yesterday we have seen, and are continuing to see, increased activity reported by more users now.  The link below will show a graph that indicates activity over the past ~72 hours.

http://isc.sans.org/images/port1025tcp.png



We still need full packet captures to help nail this down, so if anybody has them please submit them via the 'Contact' link at the top of the page.

Core Security Technologies has an excellent article on this subject and RPC Vulnerabilities.  One highlight from this article is that the "patches for these vulnerabilities ..... effectively fix the problem(s)" with the vunerabilities used in the discussion.  All of the vulnerabilities are more than 18 months old; these fixed have been out for some time, giving lots of time for admins to perform testing and loading of said patches.

Tony

150 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!