Security Incidents mailing list archives
Re:
From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 15 Oct 2002 09:30:15 -0400
H C wrote:
I did some testing...and after reading this thread and seeing the DirectAdvertisers.com site, I decided to right up some code and see what happened (the code is below). I tested this on a network...and it worked just fine.
I think some of the stuff is coming in on the MS-RPC port - 135. We have all netbios over tcp ports blocked and we still see the spam. Here is a good write-up that also contains a link to good info about RPC and windows services: http://www.mynetwatchman.com/kb/security/articles/popupspam/ http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com