nanog mailing list archives
Re: dcom worm released
From: Johannes Ullrich <jullrich () euclidian com>
Date: Thu, 07 Aug 2003 10:37:59 -0400
To clarify -- I'm talking about a worm based around the exploit.
For the last few days (maybe it's a full week now), we do see SDBot variants that include the RPC DCOM exploit. This has so far explained the increase in rpc scan activity. At this point, I don't think they qualify as a 'worm'. But it's close.

http://www.dshield.org/port_report.php?port=135&recax=1&tarax=1

On the other hand, SQL Slammer is still a lot more active at this point:

http://www.dshield.org/port_report.php?port=1434&recax=1&tarax=1
On Thu, Aug 07, 2003 at 06:34:02AM -0400, Len Rose wrote:

It seems to be true.. I haven't seen any code yet but--

http://lists.netsys.com/pipermail/full-disclosure/2003-August/007717.html
--
--------------------------------------------------------------
Johannes Ullrich                     jullrich () euclidian com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
"We regret to inform you that we do not enable any of the
security functions within the routers that we install."
support () covad net
--------------------------------------------------------------