Scans on TCP port 135

From: Kevin Patz (jambo_catat_private)
Date: Thu Feb 20 2003 - 13:12:04 PST

Next message: Lucas Zaichkowsky: "RE: Weird Profile in Documents and Settings"

Previous message: Rob Shein: "RE: Weird Profile in Documents and Settings"
Next in thread: Dave Aitel: "Re: Scans on TCP port 135"
Reply: Dave Aitel: "Re: Scans on TCP port 135"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Starting in late October 2002, I've been seeing occasional scans on TCP port 135 on my box. I also see UDP scans on this port, and I know these are Windows Messenger spam attempts, but I am wondering what the TCP scans are for. Could they be attempting to exploit this: "Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3" which I read about here: http://www.securityfocus.com/archive/1/296114 Is it this, or could it be something else? Is it possible to send Messenger spam via TCP/135? KJP ---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. www.securityfocus.com/core

Next message: Lucas Zaichkowsky: "RE: Weird Profile in Documents and Settings"
Previous message: Rob Shein: "RE: Weird Profile in Documents and Settings"
Next in thread: Dave Aitel: "Re: Scans on TCP port 135"
Reply: Dave Aitel: "Re: Scans on TCP port 135"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 20 2003 - 14:57:55 PST