Re: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

2012-01-13 Thread Jerry Dixon
Another possibility is the use of this tool as well: http://www.sensepost.com/labs/tools/pentest/reduh (Reduh) Jerry je...@jdixon.com On Fri, Jan 13, 2012 at 12:02 PM, Mark Keymer wrote: > Hi, > > We have had 2 of the below hit us this week. First time was apx 11:20am > 1/10/2012 (PST). The 2

Re: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

2012-01-13 Thread Mark Keymer
Hi, We have had 2 of the below hit us this week. First time was apx 11:20am 1/10/2012 (PST). The 2nd was 1/12/2012 (Yesterday) 4:45pm. We had done some research and had already planned to switch to Network Level Authentication (NLA) as it looks like that would help with the screen not getting

Re: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

2012-01-13 Thread Alex Brooks
Hello, On Fri, Jan 13, 2012 at 12:36 PM, James Braunegg wrote: > > Hey All, > > Just posting to see if anyone has seen any strange outbound traffic on port > 3389 from Microsoft Windows Server over the last few hours. > > We witnessed an alarming amount of completely independent Microsoft Window

RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

2012-01-13 Thread Erik Soosalu
ic coming back - just the login attempts. Thanks, Erik -Original Message- From: James Braunegg [mailto:james.braun...@micron21.com] Sent: Friday, January 13, 2012 8:29 AM To: Erik Soosalu; nanog@nanog.org Subject: RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbou

RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

2012-01-13 Thread James Braunegg
delete the message from your computer. -Original Message- From: Erik Soosalu [mailto:erik.soos...@calyxinc.com] Sent: Saturday, January 14, 2012 12:17 AM To: James Braunegg; nanog@nanog.org Subject: RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

2012-01-13 Thread Erik Soosalu
7:37 AM To: nanog@nanog.org Subject: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389 Hey All, Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours. We witnessed an alarming amount of

Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

2012-01-13 Thread James Braunegg
Hey All, Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours. We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate VLANs and subnets (i.e. all /30 and /29 allocation