[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] What's this person up to?

Subject: Re: [cobalt-security] What's this person up to?
From: Jaana Jarve <netcat@xxxxxxxxx>
Date: Wed, 19 Mar 2003 19:09:53 +0200 (EET)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Wed, 19 Mar 2003, DNSAdmin wrote:

> Hello All,
>
> I make it a point to look at new scans when they occur. I've never seen
> anything to this port before:
>
> Mar 18 17:05:32 brochsteins kernel: Packet log: input DENY eth0 PROTO=6
> 212.33.37.183:1315 208.21.174.23:135 L=48 S=0x00 I=614 F=0x4000 T=113 SYN (#42)
>
> Port 135.
>
> Has anyone seen this before? New Windows exploit, perhaps? From the IANA's
> complute TCP/UDP portlist port 135 is:
>
> epmap 135 DCE endpoint resolution

on a windows box, services using DCOM or RPC woud tell the DCE end-point
mapper where they are. scans for this port are nothing new, he could just be trying
to see if you are a windows box running something interesting.

lately, the most common activity on this port are winpopup spammers,
got kind of popular quick, but i believe most people are either blocking it from outside anyway
(organizations) or not running the winpopup/messenger service (home users) so perhaps
the craze will go away soon.

rgds,
netcat

References:
- [cobalt-security] What's this person up to?
  - From: DNSAdmin

Prev by Date: [cobalt-security] What's this person up to?
Next by Date: [cobalt-security] Security NEW Sendmail Flaw
Previous by thread: [cobalt-security] What's this person up to?
Next by thread: [cobalt-security] Security NEW Sendmail Flaw

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index