ISS command line scanner for RPC/DCOM vulnerability

From: Russell Fulton (r.fultonat_private)
Date: Thu Jul 31 2003 - 16:27:39 PDT

Next message: Wong Wai Kit: "Suspicious firewall logs"

Previous message: Chris Shepherd: "Re: Scan of TCP 552-554"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A quick follow up to my previous message...

The ISS scanner gives another response to some machines :

130.216.xx.xx       REMACT 05 00 08 80 01 00 00 00 00 00 00 00 01 00 00 00 05 40 00 80
130.216.xx.xx       REMACT 05 00 08 80 01 00 00 00 00 00 00 00 01 00 00 00 05 40 00 80

Anyone have any idea what this means?  We had about 50 machines like
this.


-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Wong Wai Kit: "Suspicious firewall logs"
Previous message: Chris Shepherd: "Re: Scan of TCP 552-554"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 09:45:04 PDT