[Full-Disclosure] RE: Increased TCP 139 Activity
Choe.Sung Cont. PACAF CSS/SCHP
Sung.Choe at hickam.af.mil
Fri Oct 10 13:51:08 BST 2003
Ron Dufresne wrote:
> If this is indeed the case, the ping sweep will all be packets of 92 byte,
> these are windows packets, and the recent rcpdcom sploits are the culprit.
ICMP packets 92-bytes in size (72 bytes + 20 bytes for header) are usually
due to a welchia infected host trying to propagate. It is not a rpcdcom
exploit.
V/r,
Sung J. Choe
PACAF CSS/SCHP, PACAF NOSC
Information Assurance Analyst
DSN: 315-449-4317, Comm: 808-449-4317
Full-Disclosure is hosted and sponsored by Secunia.