TCP Port 3072
Another handler pointed out to me some interesting traffic over the past 3 days on TCP port 3072. See the DShield report at http://www.dshield.org/port_report.php?port=3072&recax=1&tarax=2&srcax=2&percent=N&days=170. After searching for a while I could not find any conclusive information about what may have been going on with this port. If anyone has some thoughts or some traffic from a honeypot on this port, it would be useful.
MS04-22 Exploit code available
A few sources have made publicly available exploit code targetted at the vulnerability addressed by Microsoft's patch released earlier this month MS04-22: http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx
The samples I have seen so far are predominantly proof of concept tools and don't do anything malicious.
T. Brian Granier
Handler on Duty
Aug 1st 2004
1 decade ago