Sunday, December 11, 2005

SANS - Internet Storm Center

"We have received a report on TCP port 1025 scan. David has observed an increase in port 1025 scan and submitted some packet captures to us. From the captured packet, it contains a request to interface UUID: 906b0ce0-c70b-1067-b317-00dd010662da and BuildContextW (opnum 7) RPC function. Part of the packet payload resembles the MSDTC exploit. This appears to be exploiting MS05-051 vulnerability as described in eEye advisory. If you have seen similar observation, do drop us a note."

today they posted a graph of increased activity here.

The part that I found interesting, "Over the last hour, 37 % of the visitors to this site were vulnerable to the Internet Explorer 0-day exploit. (result based on browser version and javascript enabled)
You are considered not vulnerable" Are you vulnerable? click here to find out.


No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.