Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: RPC errors

  • From: Drew Weaver
  • Date: Mon Aug 11 17:31:32 2003

Its bloody gorgeous too, my girlfriend's pc rebooted like 9 times,
apparently the worm doesn't check to see if its already infected.

-----Original Message-----
From: Mike Damm [mailto:MikeD@irwinresearch.com] 
Sent: Monday, August 11, 2003 5:27 PM
To: 'Jack Bates'; NANOG
Subject: RE: RPC errors


The DCOM exploit that is floating around crashes the Windows RPC service
when the attacker closes the connection to your system after a successful
attack. Best bet is to assume any occurrence of crashing RPC services to be
signs of a compromised system until proven otherwise.

http://www.cert.org/advisories/CA-2003-19.html

	-Mike

---
Michael Damm, MIS Department, Irwin Research & Development
V: 509.457.5080 x298 F: 509.577.0301 E: miked@irwinresearch.com


-----Original Message-----
From: Jack Bates [mailto:jbates@brightok.net] 
Sent: Monday, August 11, 2003 1:12 PM
To: NANOG
Subject: RPC errors


I'm showing signs of an RPC sweep across one of my networks that's 
killing some XP machines (only XP confirmed). How wide spread is this at 
this time. Also, does anyone know if this is just generating a DOS 
symptom or if I should be looking for backdoors in these client systems?

-Jack




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.