Full Disclosure mailing list archives
RE: Re: Secure.dcom.exe
From: "Wcc" <wcc () techmonkeys org>
Date: Fri, 8 Aug 2003 15:50:08 -0400
opticfiber wrote:On a chance I connected to the irc servermentioned.(irc.homelien.no).Did a channel search for "rpc" and found a channel called"#rpcfucked"with a contant stream of clients connecting anddisconnecting. Belowis a transcript of the channel for about five minutes or so.
They all appear to be on either eatel.net or arcor-ip.net's networks. This would lead me to believe that this worm infects via it's own network and not by finding random ip's. Will Buckner (Wcc) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Secure.dcom.exe opticfiber (Aug 08)
- Re: Secure.dcom.exe opticfiber (Aug 08)
- RE: Re: Secure.dcom.exe Wcc (Aug 08)
- Re: [normal] RE: Re: Secure.dcom.exe opticfiber (Aug 09)
- Re: RPC DCOM footprints - Symantec sucks? morning_wood (Aug 10)
- RE: Re: Secure.dcom.exe Wcc (Aug 08)
- Re: Secure.dcom.exe opticfiber (Aug 08)