Security Incidents mailing list archives
Re:
From: H C <keydet89 () yahoo com>
Date: Tue, 15 Oct 2002 06:57:10 -0700 (PDT)
Gary, I read the stuff that came out of JMU a couple of years ago about WinTrinoo...was that you?
I think some of the stuff is coming in on the MS-RPC port - 135. We have all netbios over tcp ports blocked and we still see the spam.
That doesn't make sense. If you've got the stuff blocked, how is it coming through? Are you saying that you've blocked all of the NetBIOS stuff _except_ port 135?
Here is a good write-up that also contains a link to good info about RPC and windows services:
http://www.mynetwatchman.com/kb/security/articles/popupspam/
http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html
I'm going to take a look at this stuff...but again, what I sent out is specific to DirectAdvertisers.com... Carv __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com