RE: Why the shutdown if infected with blaster?

From: Vincent Martin (Vincent.Martin_at_lincolngeneral.com)
Date: 08/13/03

  • Next message: Mario Davids: "RE: Blaster vs. Kaht2"
    Date: Wed, 13 Aug 2003 11:02:17 -0400
    To: Carlos Baez Ortíz <cbaez@mail.SUAGM.EDU>, <focus-ms@securityfocus.com>
    
    

    I believe it has to do with the settings that the RPC service has. Its recovery is set to reboot the computer instead of restarting the service. Perhaps if you need to give yourself a few extra minutes to apply your patches you could change that to restart. Or perhaps even stop the service.

    -----Original Message-----
    From: Carlos Baez Ortíz [mailto:cbaez@mail.SUAGM.EDU]
    Sent: Tuesday, August 12, 2003 6:54 PM
    To: focus-ms@securityfocus.com
    Subject: Why the shutdown if infected with blaster?

    Can someone please explain what is the relation between the blaster worm and the remote shutdown from the infected system?

    Ing. Carlos Báez
    Director de Seguridad de Sistemas
    Sistema Universitario Ana G. Méndez
    P.O. Box 21345
    San Juan, Puerto Rico 00928-1345
    Tel: (787) 751-0178 Ext. 7134
    cbaez@suagm.edu

    ---------------------------------------------------------------------------
    Your network firewall and IDS products do not prevent Web application
    attacks - the most common form of online exploitation- resulting in Web
    defacement, data theft, sabotage and fraud.
    KaVaDo is the only company that provides a complete suite of Web
    application security products.
    Download a FREE whitepaper on "Security Policy Automation for Web
    Applications":http://www.securityfocus.com/Kavado-focus-ms
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Your network firewall and IDS products do not prevent Web application
    attacks - the most common form of online exploitation- resulting in Web
    defacement, data theft, sabotage and fraud.
    KaVaDo is the only company that provides a complete suite of Web
    application security products.
    Download a FREE whitepaper on "Security Policy Automation for Web
    Applications":http://www.securityfocus.com/Kavado-focus-ms
    ---------------------------------------------------------------------------


  • Next message: Mario Davids: "RE: Blaster vs. Kaht2"

    Relevant Pages

    • RE: What the heck is this msblast.exe
      ... What the heck is this msblast.exe ... |Your network firewall and IDS products do not prevent Web application ... |attacks - the most common form of online exploitation- resulting in Web ... |Download a FREE whitepaper on "Security Policy Automation for Web ...
      (Focus-Microsoft)
    • RE: What the heck is this msblast.exe
      ... |Your network firewall and IDS products do not prevent Web application ... |attacks - the most common form of online exploitation- resulting in Web ... |Download a FREE whitepaper on "Security Policy Automation for Web ...
      (Focus-Microsoft)
    • RE: What the heck is this msblast.exe
      ... |Your network firewall and IDS products do not prevent Web application ... |attacks - the most common form of online exploitation- resulting in Web ... |Download a FREE whitepaper on "Security Policy Automation for Web ...
      (Focus-Microsoft)
    • RE: DCOM RPC exploit as a virus/trojan?
      ... Your network firewall and IDS products do not prevent Web application ... attacks - the most common form of online exploitation- resulting in ... Download a FREE whitepaper on "Security Policy Automation for Web ...
      (Focus-Microsoft)
    • RE: What the heck is this msblast.exe
      ... The RPC exploit itself leaves the server open to any action at all. ... |Your network firewall and IDS products do not prevent Web application ... |attacks - the most common form of online exploitation- resulting in Web ... |Download a FREE whitepaper on "Security Policy Automation for Web ...
      (Focus-Microsoft)