[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] What's this person up to?
- Subject: Re: [cobalt-security] What's this person up to?
- From: Jaana Jarve <netcat@xxxxxxxxx>
- Date: Wed, 19 Mar 2003 19:09:53 +0200 (EET)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Wed, 19 Mar 2003, DNSAdmin wrote:
> Hello All,
>
> I make it a point to look at new scans when they occur. I've never seen
> anything to this port before:
>
> Mar 18 17:05:32 brochsteins kernel: Packet log: input DENY eth0 PROTO=6
> 212.33.37.183:1315 208.21.174.23:135 L=48 S=0x00 I=614 F=0x4000 T=113 SYN (#42)
>
> Port 135.
>
> Has anyone seen this before? New Windows exploit, perhaps? From the IANA's
> complute TCP/UDP portlist port 135 is:
>
> epmap 135 DCE endpoint resolution
on a windows box, services using DCOM or RPC woud tell the DCE end-point
mapper where they are. scans for this port are nothing new, he could just be trying
to see if you are a windows box running something interesting.
lately, the most common activity on this port are winpopup spammers,
got kind of popular quick, but i believe most people are either blocking it from outside anyway
(organizations) or not running the winpopup/messenger service (home users) so perhaps
the craze will go away soon.
rgds,
netcat