
SANS ISC: tcp/135 and ICMP Continue to Decline; Solaris 8 Hacks - SANS Internet Storm Center SANS ISC InfoSec Forums

tcp/135 and ICMP Continue to Decline; Solaris 8 Hacks
tcp/135 and ICMP Traffic Continues to Decline. The decline in reported activity on tcp/135 and ICMP continues. This is due to the Nachi and Blaster worms expiring on January 1st. Many of our submitters are reporting that with the decrease in this activity they are able to see other attacks with a bit more clarity.

Solaris 8 Hacks. We've received a few reports of significant intrusions into networks of patched Solaris 8 machines. Initial analysis indicates what appears to be a multi-vector attack using finger, rpcbind, and ftp. In one network, the systems that were broken into did not have TCP wrappers installed, nor did they have the rpcbind from Wietse Venema and Casper Dik that has TCP wrapper support. However, Solaris 8 systems in the same machine room that are behind on patches but have TCP wrappers installed were not broken into. If there have been other cases of similar intrusions in the past few days, the Storm Center would like to hear about them.
Marcus H. Sachs

The SANS Institute

Handler on Duty

Jan 5th 2004
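A check that follows from the report above, added here as an example and not part of the original diary: list which of the named inetd services are not started through tcpd. The sample inetd.conf lines and the tcpd path are constructed, and the function name is hypothetical. rpcbind is not launched from inetd, so it is outside this check.

```shell
#!/bin/sh
# Added example: report inetd services that bypass TCP wrappers.
# inetd.conf fields: service socket proto wait user server-program args...

# unwrapped_services FILE SERVICE...
# Prints each listed service whose server program (field 6) is not tcpd.
unwrapped_services() {
    conf=$1; shift
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }        # skip comments and malformed lines
        ($1 in watch) {
            k = split($6, p, "/")             # compare on the basename only
            if (p[k] != "tcpd") print $1
        }
    ' "$conf" | sort -u
}

# Constructed sample: ftp runs directly, finger is wrapped by tcpd.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# constructed inetd.conf excerpt (paths are assumptions)
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
finger  stream  tcp6    nowait  nobody  /usr/local/bin/tcpd     in.fingerd
#telnet stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
telnet  stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
EOF

# The two inetd-launched services named in the report.
unwrapped_services "$SAMPLE_CONF" ftp finger
```

On a real host, pass /etc/inetd.conf instead of the sample file.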
