RE: Code Red side effects

From: Portnoy, Gary (gportnoyat_private)
Date: Thu Aug 02 2001 - 05:50:26 PDT


    Correct me if I am wrong, but isn't Microsoft's implementation of RPC called
    DCE RPC, and if so, isn't the portmapper listening on port 135, not 111? So,
    that being said, I believe Jonathan was talking about *nix RPC, and Opus was
    talking about DCE RPC.
    
    A slight misunderstanding...
    
    And yes, I am seeing an increase in port 111 activity, and no activity to
    port 135.
    
    -Gary-
    
    -----Original Message-----
    From: Opus [mailto:opusat_private]
    Sent: Wednesday, August 01, 2001 10:06 PM
    To: Jonathan Rickman
    Cc: incidentsat_private
    Subject: Re: Code Red side effects
    
    
    Microsoft posted a bulletin, "Malformed RPC Request Can Cause Service
    Failure", on July 26th. Here is the URL for the bulletin:
    http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/bulletin/ms01-041.asp
    
    -Opus
    
    
    On Wed, 1 Aug 2001, Jonathan Rickman wrote:
    
    > With all the attention focused on Code Red, am I the only one seeing a
    > huge increase in RPC scans? I've logged over a hundred unique hosts in
    > the last 4 hours.
    >
    >
    
    -- 
        .~.
        /V\
       /( )\
       ^^-^^
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 13:10:37 PDT