It also opens a backdoor on remote compromised computers on port 8594/tcp. It opens port 69/udp to initiate TFTP transfers. The worm connects to IRC servers and listens for remote commands on port 8080/tcp. It runs and spreads using all current Windows versions, but only infects Windows 2000. (2005.08.16) - a worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin ) on port 445/tcp. Also opens an FTP server on port 1117/tcp. Connects to IRC servers to listen for remote commands on port 6667/tcp. Same ports are used by the and variants of the worm as well. It also opens an FTP server on port 33333/tcp. It connects to IRC servers and listens for remote commands on port 8080/tcp. See also: Microsoft Security Bulletin and Microsoft Security Bulletin (2005.08.16) - mass-mailing worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin ) on port 445/tcp. You should filter the above mentioned ports at the firewall level and not allow RPC over an unsecure network, such as the Internet. MS Security Bulletin outlines a critical RPC vulnerability that can be exploited via ports 135, 139, 445, 593 (or any other specifically configured RPC port). (2005.01.16.) - trojan uses port 445, opens port 15118/tcp.ī (2003.08.02) - trojan that exploits the MS DCOM vulnerability, uses ports 445 & 69, opens backdoor on port 57005. exploits port 445 vulnerabilities, opens TCP ports 5554,9996. ![]() Leaving port 445 open leaves Windows machines vulnerable to a number of trojans and worms: It can also be disabled by deleting the HKLM\System\CurrentControlSet\Services \NetBT\Parameters\TransportBindName (value only) in the Windows Registry. Port 445 should be blocked at the firewall level. In Windows 2K/XP and later, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra NetBT layer, for this they use TCP port 445.Ĥ44, 445, 448, 881, 5041, 5060 - 5087, 8404 TCPĨ0, 135, 443, 4443, 8060, 8061, 8080 TCP - standard ports and HTTP(s) traffic In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP, ports 137, 139 and 138/udp). ![]() The SMB (Server Message Block) protocol is used for file sharing in Windows NT/2K/XP and later. TCP port 445 is used for direct TCP/IP MS Networking access without the need for a NetBIOS layer.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |