RPC DCOM exploit

From: Peter Fry (pafat_private)
Date: Thu Jul 31 2003 - 10:54:53 PDT

  • Next message: Justin Pryzby: "Re: Scan of TCP 552-554"

    We had what looks like an exploit for this vulnerability go around our
    office network and only one machine was (seriously) affected.  Somone
    managed to get the machine to start spamming random IPs with what looked
    like the exploit, sending out about 700 RPC pings per second.  About the
    same time, we had a NET SEND
    message pop up on our windows boxen advertizing www.freeautobot.com. 
    Could this be a new tactic to propigate their spamulous message prompts?
    
    Peter
    
    
    
    
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Thu Jul 31 2003 - 13:35:32 PDT