RE: RPC errors

[Sean Crandall <sean () megapath net>]

This worm is amazing.  I have only had filters in place for about 4.5 hours
and I am already approaching 100 million matches for the deny tcp/135 across
my network.  Of that, only one customer has said that they needed 135 open
for legimate use (probably more, but I have only heard from the one).

Sean P. Crandall
VP Engineering Operations
MegaPath Networks Inc.
Pleasanton, CA  
(925) 201-2530
 



> -----Original Message-----
> From: McBurnett, Jim [mailto:jmcburnett () msmgmt com]
> Sent: Monday, August 11, 2003 7:45 PM
> To: John Palmer; nanog () merit edu
> Subject: RE: RPC errors
>
>
>
> over 24 hours.. started block suday afternoon...
>     deny tcp any any eq 445 log (256936 matches)
>     deny udp any any eq 445 log (1 match)
>     deny tcp any any eq 135 (6984433 matches)
>     deny udp any any eq 135 (147654 matches)
>     deny udp any any eq netbios-ss
>     deny tcp any any eq 139 log (378289 matches) 
>
> -----Original Message-----
> From: John Palmer [mailto:nanog () adns net]
> Sent: Monday, August 11, 2003 8:28 PM
> To: nanog () merit edu
> Subject: Re: RPC errors
>
>
>
>
> 45 seconds:
>
>     deny tcp any any eq 135 (5445 matches)
>     deny tcp any any eq 137
>     deny tcp any any eq 138
>     deny tcp any any eq 139
>     deny tcp any any eq 445 (207 matches)
>
> ----- Original Message ----- 
> From: "Randy Bush" <randy () psg com>
> To: <nanog () merit edu>
> Sent: Monday, August 11, 2003 18:52
> Subject: Re: RPC errors
>
>
> > must be fun out there on the net today.  one minute of counter
> > accumulation
> >
> >     deny tcp any any eq 135 (5721 matches)
> >     deny tcp any any eq 137
> >     deny tcp any any eq 138
> >     deny tcp any any eq 139 (17 matches)
> >     deny tcp any any eq 445 (1137 matches)
> >
> > randy