XP SP2 Release to manufacturing, and Continued Scanning Trends
SSH Scans continue searching out machines with default and weak password schemas. Below is a url to a post demonstrating what can happen once these brute force attempts are successful.
Microsoft XP SP2 released to Manufacturing.
Microsoft released XP SP2 to Manufacturing today, paving the way to public release at the end of the month. This Service Pack has been available in beta form for a good while already, with mixed reviews. While there are many security fixes in this update, one of the main improvements is that the Windows Personal Firewall will be turned on by default. This does not change the fact that the firewall assumes that if you have an open port, you expect to have that port open on the firewall :-(
According to Microsofts web site, XP SP2 is scheduled to be released this month:
Aug 2, 2004: Windows XP SP 2 Release Candidate 2 (RC2) Removed from the Web
This signifies the end of the pre-release distribution program in
anticipation of the final release of SP2. Windows XP SP2 remains on
schedule for release this month.
We recommend that you not install the RC2 version of SP2 on computers that
are running the latest security updates. Instead, install the final version
of Windows XP SP2 when it becomes available. Installing the RC2 version of
SP2 on computers that already have the latest security updates installed
can cause incompatibilities. The final release of SP2 will be compatible
with all previously installed security updates.
SSH Scans, Microsoft Ports, and Botnet Scans in continuous mode
There have been spikes in port 2745 traffic over the last couple of days. This is a common backdoor from bagle.E and its variants. This increase may be due to continued infection, or bots scanning for the backdoor left by the various malware. Again, quoting the great Tom Liston... 2004 has been a malware festival!
I also continue to see botnet scans for M$ ports, as well as the usual bagle, mydoom, sasser, dabber and other ports. Examples below:
Learn to catch hackers and detect and analyze malicious traffic
Sans New England is coming to Boston Monday September 13, 2004 - Saturday September 18, 2004. I will be teaching the Intrusion Detection Class, and from what I hear, class sizes will small. This is a great opportunity to get handson training in a more comfortable environment. Follow the link below for a detailed description:
Mike Poor [ mike <at> intelguardians.com ]
Aug 7th 2004
1 decade ago