Exploit for Windows RPC may be in the wild!

• Previous message: Dave Paris: "Re: Port 0 packets"
• Next in thread: Eric Appelboom: "RE: Exploit for Windows RPC may be in the wild!"
• Reply: Eric Appelboom: "RE: Exploit for Windows RPC may be in the wild!"
• Reply: morning_wood: "Re: Exploit for Windows RPC may be in the wild!"
• Reply: Eric Appelboom: "RE: Exploit for Windows RPC may be in the wild!"
• Reply: James C. Slora, Jr.: "RE: Exploit for Windows RPC may be in the wild!"
• Reply: Jeff Adams: "RE: Exploit for Windows RPC may be in the wild!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

FYI, 
ISPs are reporting a dramatic increase in traffic on TCP port 135.  No
exploit code has been captured as of yet but the increase in traffic on this
port probably indicates that exploit code is being executed!  Block ports
135 through 139 and 445! 

More info: 
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS
03-026.asp

-Rich Compton


---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Michael J. Pomraning: "email worm? Newsletter, aaa.exe, caraoke ksp.exe (fwd)"
• Previous message: Dave Paris: "Re: Port 0 packets"
• Next in thread: Eric Appelboom: "RE: Exploit for Windows RPC may be in the wild!"
• Reply: Eric Appelboom: "RE: Exploit for Windows RPC may be in the wild!"
• Reply: morning_wood: "Re: Exploit for Windows RPC may be in the wild!"
• Reply: Eric Appelboom: "RE: Exploit for Windows RPC may be in the wild!"
• Reply: James C. Slora, Jr.: "RE: Exploit for Windows RPC may be in the wild!"
• Reply: Jeff Adams: "RE: Exploit for Windows RPC may be in the wild!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 27 2003 - 11:20:32 PDT