List:       nessus
Subject:    Re: FW: Currently MS UDP/1434 attacks
From:       "Kristofer T. Karas" <ktk () enterprise ! bidmc ! harvard ! edu>
Date:       2003-01-27 14:27:28

On Sat, 2003-01-25 at 20:14, Renaud Deraison wrote:
> I also just released a plugin (#11216) which attempts to detect
> compromised hosts (with a very rough method though, it might false
> positive on you).

It didn't work, unfortunately.  UDP port 1434 was open when scanned with
this and 11214, resulting in false negatives for both.  Either 11214
does not actually shut down the port, or perhaps an infected machine
somehow blocks the port from being further BOed.

Kris
