Ipswitch iMail LDAP Exploit Correlation, Port 3991 activity request

Published: 2004-02-23
Last Updated: 2004-02-23 22:23:56 UTC
by Joshua Wright (Version: 1)
Ipswitch iMail LDAP Exploit Correlation

The packet captures we've received have allowed us to correlate the increase in port 389 scanning with activity from a recently released exploit tool against the Ipswitch iMail LDAP server.

We were unable to get in touch with Ipswitch to comment on this vulnerability. Ipswitch customers using the iMail LDAP server are advised to implement filtering on port 389 until a patch is made available.
Port 3991 Captures Request

We have seen a spike in activity over the past few days on port 3991. We are looking for more full packet captures of this activity. Please compress files and send as attachments to handlers@sans.org.
--Joshua Wright/Handler on Duty