Ipswitch iMail LDAP Exploit Correlation, Port 3991 activity request
Ipswitch iMail LDAP Exploit Correlation
The packet captures we've received have allowed us to correlate the increase in port 389 scanning with activity from a recently released exploit tool against the Ipswitch iMail LDAP server.
We were unable to get in touch with Ipswitch to comment on this vulnerability. Ipswitch customers using the iMail LDAP server are advised to implement filtering on port 389 until a patch is made available.
Port 3991 Captures Request
We have seen a spike in activity over the past few days on port 3991. We are looking for more full packet captures of this activity. Please compress files and send as attachments to handlers@sans.org.
--Joshua Wright/Handler on Duty