Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?
From: Morning Wood (se_cur_ity_at_hotmail.com)
Date: 08/30/05
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-disclosure] RE: Example firewall script (iptables)"
- In reply to: Something Anonymous: "Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?"
- Next in thread: Willem Koenings: "Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Something Anonymous" <something.anonymous@gmail.com>, <full-disclosure@lists.grok.org.uk> Date: Tue, 30 Aug 2005 07:16:43 -0700
>does is listen on port5000 to? 2 attempts we seen come from machines
>nmap'd below - wonder if its what you talking about - we think they
>being used as proxy to jump from
port 5000 is open on only XP w/pnp enabled, however this helps identify XP
from 2k and allows a good guess as to which OS is running. ( for proper
targeting )
cheers,
mw
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-disclosure] RE: Example firewall script (iptables)"
- In reply to: Something Anonymous: "Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?"
- Next in thread: Willem Koenings: "Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
