you're probably right <quote who="morning_wood"> > could be... but .. they are two seperate issues, > if the box rebooted its a sign it was rpc-dcom, if not.. proally just a > pop-up > > wood > > > ----- Original Message ----- > From: "Peter Fry" <pafat_private> > To: <incidentsat_private> > Sent: Thursday, July 31, 2003 10:54 AM > Subject: RPC DCOM exploit > > >> We had what looks like an exploit for this vulnerability go around our >> office network and only one machine was (seriously) affected. Somone >> managed to get the machine to start spamming random IPs with what >> looked like the exploit, sending out about 700 RPC pings per second. >> About the same time, we had a NET SEND >> message pop up on our windows boxen advertizing www.freeautobot.com. >> Could this be a new tactic to propigate their spamulous message >> prompts? >> >> Peter >> >> >> >> >> ------------------------------------------------------------------------- > -- >> ------------------------------------------------------------------------- > --- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun Aug 03 2003 - 08:44:01 PDT