port 2967 TCP
- From: responder <no@xxxxxxxxxxxx>
- Date: Sun, 07 Jan 2007 04:24:07 -0500
Hello
Among the newer trash traffic in my logs is port 2967 TCP traffic.
# grep -c 2967 /var/log/message*
/var/log/messages:65
/var/log/messages.1:89
/var/log/messages.2:70
/var/log/messages.3:1
/var/log/messages.4:0
http://isc.sans.org/port_details.php?port=2967
This does not appear to be a threat to me, as the firewall blocks it and I
have nothing listening there to respond, even if it were not blocked. It
would not appear to be a threat to *nix users, as it seems to be targeting
Win security software. ;/ It is apparently not new as vulnerabilities go,
just new as an apparent active exploit of some sort.
If it seems to you to be the right thing to do, advise your Win user and
Win admin friends to promptly and finally do the right patch or update
thing to close off this attack traffic. Thanks.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2630
Name CVE-2006-2630 (under review)
Status Candidate
Description Stack-based buffer overflow in Symantec Antivirus 10.1 and
Client Security 3.1 allows remote attackers to execute arbitrary code via
unknown attack vectors.
http://www.symantic.com/
....
I watch my logs. People are being hurt by this, whatever it is, else I
would not be seeing this traffic in my logs. Clue your Windows friends and
coworkers in to this apparent ongoing exploit, and get them to do the
right things for their own security. When they get ripped off, we all
eventually pay for it. "An ounce of prevention is worth a pound of cure."
Please and thank you.
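
The following is an added example, not part of the original post. `grep -c 2967` counts every line that contains the digits anywhere (a PID, an IP ID, a source port), so it can overstate the traffic; this sketch counts only TCP packets whose destination port is 2967 and groups them by source. The netfilter-style log format, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Log format is an assumption:
# netfilter/iptables LOG lines with SRC=, PROTO= and DPT= fields.

# Constructed sample lines (RFC 5737 documentation addresses).
sample_log() {
cat <<'EOF'
Jan  7 03:58:11 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 ID=2967 PROTO=TCP SPT=4312 DPT=445 SYN
Jan  7 04:01:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 ID=5121 PROTO=TCP SPT=2967 DPT=135 SYN
Jan  7 04:02:40 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=48 ID=811 PROTO=TCP SPT=1040 DPT=2967 SYN
Jan  7 04:02:43 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=48 ID=812 PROTO=TCP SPT=1040 DPT=2967 SYN
Jan  7 04:10:19 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=198.51.100.5 LEN=48 ID=77 PROTO=TCP SPT=3381 DPT=2967 SYN
Jan  7 04:11:55 gw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.5 LEN=60 ID=90 PROTO=UDP SPT=53 DPT=2967 LEN=40
Jan  7 04:12:30 gw sshd[2967]: Connection closed by 192.0.2.99
EOF
}

# Print "<count> <source>" for each source that hit TCP destination port $1,
# busiest first. Reads log lines on stdin.
port_sources() {
    awk -v port="$1" '
    {
        src = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        # Exact field match: ID=2967, SPT=2967 or a PID of 2967 do not count.
        if (proto == "TCP" && dpt == port) hits[src]++
    }
    END { for (s in hits) print hits[s], s }' | sort -k1,1nr -k2,2
}

# Total number of log lines that are TCP packets to destination port $1.
port_hits() {
    port_sources "$1" | awk '{ n += $1 } END { print n + 0 }'
}

# Demonstration on the constructed sample.
sample_log | port_sources 2967
```

On real logs, feed the files in place of the sample, for example `cat /var/log/messages* | port_sources 2967`.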