[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] agobot and 1025

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] agobot and 1025
From: "Willem Koenings" <isec@xxxxxxxxxx>
Date: Thu, 29 Apr 2004 08:57:23 -0500

hi all,

in range of latest agobot's scans is port 1025. i know that
by default there sits mstask and over rpc you can talk to
him, add scheduled jobs etc (done this). sniffer captures
reveals, that port 1025 attempts significantly resembles
135 DCOM/blaster attempts.

can anyone point out what and how _specifically_ are exploited
in port 1025?

W.
-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] Zonet ZSR1104WE Router problem
Next by Date: [Full-Disclosure] Exploit Identification Request
Previous by thread: [Full-Disclosure] Zonet ZSR1104WE Router problem
Next by thread: [Full-Disclosure] Exploit Identification Request
Index(es):
- Date
- Thread