CDE Subprocess Control Service scanning increases dramatically
Source: Incidents.org
Scans destined for port 6112 (dtspc) have increased fivefold over the
last 24 hours according to DShield's[1] port report utility. An advisory
from CERT/CC (CA-2002-01[2]) and other sources have indicated that
exploits do, indeed, exist for this vulnerability and systems are being
compromised and backdoored. The rootkits that have been discovered
vary in style and naming, which usually indicates they were installed
by different parties. Worm-like activity has not yet been seen in the
wild.
While the numbers weren't drastic enough to flag a priority change within
DShield, when combined, the two details above are cause for concern.
Recommendations on mitigating the risk from this vulnerability are available
in the "Solution" section of the CERT Advisory[2] and include patching,
limiting access to the service, and disabling the service altogether.
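
One way to check for and apply the "disable the service" recommendation on a host that starts dtspcd from inetd, as an added example that is not taken from the advisory or from Incidents.org. It assumes the conventional inetd.conf entry whose first field is dtspc; the sample file and the function names dtspc_status and dtspc_disable are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd-style configuration for the dtspc service
# (TCP port 6112) and produce a copy with the service disabled.
# Assumption: dtspcd is launched by inetd from a line starting with "dtspc".

# dtspc_status FILE
# Prints "enabled" if an active dtspc line exists, "disabled" if only a
# commented-out dtspc line exists, and "absent" if there is no entry.
dtspc_status() {
    awk '
        $1 == "dtspc"               { on = 1 }
        /^[ \t]*#+[ \t]*dtspc[ \t]/ { off = 1 }
        END { print (on ? "enabled" : (off ? "disabled" : "absent")) }
    ' "$1"
}

# dtspc_disable FILE
# Prints FILE to stdout with every active dtspc line commented out.
# All other lines are passed through unchanged.
dtspc_disable() {
    awk '$1 == "dtspc" { print "#" $0; next } { print }' "$1"
}

# Constructed sample configuration (not from a real host).
sample=$(mktemp)
hardened=$(mktemp)
trap 'rm -f "$sample" "$hardened"' EXIT

cat > "$sample" <<'EOF'
# constructed inetd.conf excerpt
ftp    stream tcp nowait root /usr/sbin/in.ftpd  in.ftpd
dtspc  stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
EOF

dtspc_disable "$sample" > "$hardened"

echo "before: $(dtspc_status "$sample")"
echo "after:  $(dtspc_status "$hardened")"
```

inetd rereads its configuration only when it is signalled (SIGHUP) or restarted, so an edited file does not close the listener on port 6112 until that happens.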