Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Port 10 traffic, 139&1433 report, DCE RPC Vectors

Dec 11, 2003 11:41PM PST

Port 10 Traffic

We do see a steep increase in number of hosts probed on port 10. While only a few sources participate, the number of hosts probes is very large.

At this point, we do not know what these probes try to accomplish. http://www.dshield.org/port_report.php?port=10

139 and 1433

ISS raised its AlertCON to '2' (from 1) due to reports of an increase in port 139 and 1433 scans. We do not see a significant global increase. In our opinion, a scan for week MSSQL passwords with file sharing component could be a possible reason. (e.g. like 'SQLSnake' ).

DCE RPC Vectors

Core Security technologies published a paper, outlining various ways to exploit DCE RPC DCOM via different vectors. This paper is another reminder that just blocking port 135 is not enough to protect your systems. Patching is the only real solutions, and firewall rules should be applied to all unsolicited inbound traffic if possible. http://www.coresecurity.com/common/showdoc.php?idx=393&;idxseccion=10

More: http://isc.sans.org/diary.html?date=2003-12-12

Discussion is locked