Hosting Provided By

ISS command line scanner for RPC/DCOM vulnerability

From: Russell Fulton <r.fulton(at)auckland.ac.nz>
Date: Thu Jul 31 2003 - 19:27:39 EDT

A quick follow up to my previous message...

The ISS scanner gives another response to some machines :

130.216.xx.xx       REMACT 05 00 08 80 01 00 00 00 00 00 00 00 01 00 00 00 05 40 00 80
130.216.xx.xx       REMACT 05 00 08 80 01 00 00 00 00 00 00 00 01 00 00 00 05 40 00 80

Anyone have any idea what this means? We had about 50 machines like this.

-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Received on Fri Aug 1 12:45:20 2003

This message: [ Message body ]
Next message: Wong Wai Kit: "Suspicious firewall logs"
Previous message: Chris Shepherd: "Re: Scan of TCP 552-554"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:14 EDT