Re: Worm activity

From: Andrés Montañez (andresmontanez.lists_at_gmail.com)
Date: 06/14/05

    Date: Mon, 13 Jun 2005 22:34:17 -0300
    To: Security Basics <security-basics@securityfocus.com>
    
    

    Port 445 is for the SMB suite (Samba or Active Directory).
    Port 135 is "DCOM Service Control Manager".

    So the worm would be located on Windows workstations.
    You should start getting a list of recent worms with those targets.
    If you have WinClients... scan them.

    --
    Andrés G. Montañez
    Network Administrator
    Montevideo - Uruguay
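
Added example, not part of the original message: one way to decide which Windows clients to scan first is to rank internal hosts by how many distinct destinations they contacted on ports 135 and 445. The log format, the sample lines, the function names and the threshold of 3 are all assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Ports named in the message: 135 (DCOM Service Control Manager) and 445 (SMB).
WORM_PORTS = {135, 445}

# Constructed sample lines in a hypothetical "SRC= DST= PROTO= DPT=" firewall log format.
SAMPLE_LOG = """\
Jun 13 22:01:02 fw ACCEPT SRC=10.0.0.23 DST=10.0.1.4 PROTO=TCP DPT=445
Jun 13 22:01:02 fw ACCEPT SRC=10.0.0.23 DST=10.0.1.5 PROTO=TCP DPT=445
Jun 13 22:01:03 fw ACCEPT SRC=10.0.0.23 DST=10.0.1.6 PROTO=TCP DPT=135
Jun 13 22:01:03 fw ACCEPT SRC=10.0.0.23 DST=10.0.1.7 PROTO=TCP DPT=445
Jun 13 22:01:09 fw ACCEPT SRC=10.0.0.40 DST=10.0.0.2 PROTO=TCP DPT=445
Jun 13 22:02:11 fw ACCEPT SRC=10.0.0.40 DST=10.0.0.2 PROTO=TCP DPT=445
Jun 13 22:02:30 fw ACCEPT SRC=10.0.0.51 DST=10.0.1.9 PROTO=TCP DPT=80
Jun 13 22:02:31 fw -- log rotated --
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+).*?PROTO=TCP.*?DPT=(\d+)")


def fanout_by_source(log_text):
    """Map each source IP to the distinct destinations it contacted on 135/445."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # not a TCP connection record in the assumed format
        src, dst, dport = match.group(1), match.group(2), int(match.group(3))
        if dport in WORM_PORTS:
            targets[src].add(dst)
    return targets


def hosts_to_scan(log_text, min_targets=3):
    """Return (source, distinct_targets) pairs, widest fan-out first.

    A client talking to one file server repeatedly stays below the
    threshold; a host sweeping many peers on 135/445 rises to the top.
    """
    fanout = fanout_by_source(log_text)
    hits = [(src, len(dsts)) for src, dsts in fanout.items()
            if len(dsts) >= min_targets]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for src, count in hosts_to_scan(SAMPLE_LOG):
        print(f"{src} contacted {count} distinct hosts on 135/445")
```

The threshold needs tuning per network, since domain controllers and file servers legitimately see heavy traffic on both ports.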
    
