Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: dcom worm released

  • From: Johannes Ullrich
  • Date: Thu Aug 07 10:40:54 2003


> To clarify --  I'm talking about a worm based around the
> exploit.

For the last few days (maybe its a full week now), we
do see SDBot variants that include the RPC DCOM exploit.
This has so far explained the increase in rpc scan
activity. At this point, I don't think they qualify
as a 'worm'. But its close.

http://www.dshield.org/port_report.php?port=135&recax=1&tarax=1

On the other hand, SQL Slammer is still a lot more 
active at this point:


http://www.dshield.org/port_report.php?port=1434&recax=1&tarax=1

> 
> On Thu, Aug 07, 2003 at 06:34:02AM -0400, Len Rose wrote:
> > 
> > 
> > It seems to be true.. I haven't seen any
> > code yet but-- 
> > 
> > http://lists.netsys.com/pipermail/full-disclosure/2003-August/007717.html
-- 
--------------------------------------------------------------
Johannes Ullrich                     jullrich@euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support@covad.net
--------------------------------------------------------------






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.