MS Advisory on the Vulnerability in RDP

Microsoft has released a security advisory on the vulnerability in Remote Desktop Protocol (RDP). Their initial investigation has confirmed the DoS vulnerability. Services that use RDP are not enabled by default, but Remote Desktop is enabled by default on Windows XP Media Center Edition. The advisory provides the following workarounds:

* Block TCP port 3389 at the firewall.
* Disable Terminal Services or the Remote Desktop feature if they are not required.
* Secure Remote Desktop Connections by using an IPsec policy.
* Secure Remote Desktop Connections by employing a Virtual Private Network (VPN) connection.

For more details, please refer to: http://www.microsoft.com/technet/security/advisory/904797.mspx

Port 3389

Yesterday, we mentioned port 3389 in connection with the Windows 0-day exploit. Our reader, Joe, has detected some scans on this port. Looking at the port 3389 graph, there is also a spike in the last few days. If you have experienced the same scans, please let us know.

http://isc.sans.org/port_details.php?port=3389

FormMail Attempts

One reader has detected several attempts on /cgi-bin/FormMail. The IP addresses came from a wide range of networks. From the logs submitted, the attempts could be part of a botnet's activity. If you have seen similar attempts, please send us a note.

80.xx.xx.xx - - [16/Jul/2005:14:54:57 +0200] "POST /cgi-bin/FormMail HTTP/1.1" 200 2460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
12.xx.xx.xx - - [16/Jul/2005:14:54:58 +0200] "POST /cgi-bin/FormMail HTTP/1.1" 200 2460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
63.xx.xx.xx - - [16/Jul/2005:14:55:03 +0200] "POST /cgi-bin/FormMail HTTP/1.0" 200 2460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
200.xx.xx.xx - - [16/Jul/2005:14:55:05 +0200] "POST /cgi-bin/FormMail HTTP/1.0" 200 2460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
200.xx.xx.xx - - [16/Jul/2005:14:55:08 +0200] "POST /cgi-bin/FormMail HTTP/1.0" 200 2460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
80.xx.xx.xx - - [16/Jul/2005:14:55:11 +0200] "POST /cgi-bin/FormMail HTTP/1.1" 200 2460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
210.xx.xx.xx - - [16/Jul/2005:14:55:15 +0200] "POST /cgi-bin/FormMail HTTP/1.0" 200 2460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
61.xx.xx.xx - - [16/Jul/2005:14:55:21 +0200] "POST /cgi-bin/FormMail HTTP/1.0" 200 2460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
203.xx.xx.xx - - [16/Jul/2005:14:55:31 +0200] "POST /cgi-bin/FormMail HTTP/1.0" 200 2460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
213.xx.xx.xx - - [16/Jul/2005:14:55:30 +0200] "POST /cgi-bin/FormMail HTTP/1.1" 200 2460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
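
The pattern in the log excerpt above (POSTs to FormMail from many networks, seconds apart, all carrying one identical User-Agent) can be checked for mechanically in a web server access log. The following is an added example, not part of the original diary or the reader's submission; it assumes Apache combined log format, and the function names, the "5 sources within 5 minutes" threshold and the sample addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format; the client field is matched as an opaque token.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def formmail_posts(lines):
    """Yield (time, source, user_agent) per POST to a script named formmail* (assumed naming)."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        script = m["path"].split("?")[0].rsplit("/", 1)[-1].lower() if m else ""
        if m and m["method"] == "POST" and script.startswith("formmail"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["src"], m["ua"]

def distributed_clusters(lines, window=timedelta(minutes=5), min_sources=5):
    """Report User-Agents that POST to FormMail from many sources inside one time window."""
    by_ua = defaultdict(list)
    for ts, src, ua in formmail_posts(lines):
        by_ua[ua].append((ts, src))
    findings = []
    for ua, hits in by_ua.items():
        hits.sort()  # entries are not always written in strict time order
        best, start = set(), 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window start forward
            best = max(best, {src for _, src in hits[start:end + 1]}, key=len)
        if len(best) >= min_sources:
            findings.append({"user_agent": ua, "sources": sorted(best), "posts": len(hits)})
    return findings

# Constructed sample input (documentation address ranges), not the reader's logs.
BOT_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"
TEMPLATE = '{ip} - - [16/Jul/2005:14:{t} +0200] "{req} HTTP/1.0" 200 2460 "-" "{ua}"'
SAMPLE = [TEMPLATE.format(ip=ip, t=t, req="POST /cgi-bin/FormMail", ua=BOT_UA) for ip, t in [
    ("192.0.2.10", "54:57"), ("198.51.100.7", "54:58"), ("203.0.113.5", "55:03"),
    ("192.0.2.44", "55:05"), ("192.0.2.44", "55:08"), ("198.51.100.90", "55:31"),
    ("203.0.113.77", "55:30")]]
SAMPLE += [  # one ordinary form submission and one GET that must not be counted
    TEMPLATE.format(ip="192.0.2.200", t="20:00", req="POST /cgi-bin/FormMail", ua="Mozilla/5.0 (constructed)"),
    TEMPLATE.format(ip="192.0.2.201", t="21:00", req="GET /index.html", ua=BOT_UA)]

if __name__ == "__main__":
    for f in distributed_clusters(SAMPLE):
        print(f"{len(f['sources'])} sources, {f['posts']} POSTs, UA: {f['user_agent']}")
```

Grouping on the User-Agent string rather than on the source address is what surfaces this kind of activity: each individual source makes only one or two requests and would pass a per-IP rate limit.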

Koon Yaw
Jul 16th 2005