Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re:

From: H C <keydet89 () yahoo com>
Date: Tue, 15 Oct 2002 06:57:10 -0700 (PDT)
Gary,

I read the stuff that came out of JMU a couple of
years ago about WinTrinoo...was that you?
 

I think some of the stuff is coming in on the MS-RPC
port - 135. We have all netbios over tcp ports
blocked and we still see the spam.


That doesn't make sense.  If you've got the stuff
blocked, how is it coming through?  Are you saying
that you've blocked all of the NetBIOS stuff _except_
port 135?
 

Here is a good write-up that also contains a link to
good info about RPC and windows services:



http://www.mynetwatchman.com/kb/security/articles/popupspam/



http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html




I'm going to take a look at this stuff...but again,
what I sent out is specific to
DirectAdvertisers.com...

Carv


__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: