Readers submitted queries this morning about scans against 6101/TCP and 6129/TCP. We've seen only SYN scans so far; there have not been any packets submitted. The 6101/TCP scan is theorized to be looking for the Veritas BackupExec Agent vulnerability discussed earlier in December. The 6129/TCP scan MIGHT be looking for instances of the remote administration port for Dameware. There are a few known weaknesses in the authorization code in older versions. Without packets, there's not much to go on. If you have packet captures, send them in. If you have reports of the scans, please submit them via Dshield.

Some days in the Handler's Diary we include snippets of source code, or links to sites with in-depth analysis of examples of malicious code. These are likely to upset your Anti-Virus software. We try to be diligent and not link to a site that may compromise your system. When your Anti-Virus warns you, it's just telling you that you're walking a little close to the "dangerous" side of the Internet.

Joel, a reader, sent us an incident report of a "PrintMe" infection. He thinks they picked it up while using a Hotel's network to allow them to print to the Hotel's printers.