could be... but .. they are two seperate issues, if the box rebooted its a sign it was rpc-dcom, if not.. proally just a pop-up wood ----- Original Message ----- From: "Peter Fry" <pafat_private> To: <incidentsat_private> Sent: Thursday, July 31, 2003 10:54 AM Subject: RPC DCOM exploit > We had what looks like an exploit for this vulnerability go around our > office network and only one machine was (seriously) affected. Somone > managed to get the machine to start spamming random IPs with what looked > like the exploit, sending out about 700 RPC pings per second. About the > same time, we had a NET SEND > message pop up on our windows boxen advertizing www.freeautobot.com. > Could this be a new tactic to propigate their spamulous message prompts? > > Peter > > > > > ------------------------------------------------------------------------- -- > ------------------------------------------------------------------------- --- > > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 09:18:09 PDT