RE: Exploit for Windows RPC may be in the wild!

From: Eric Appelboom (
Date: 07/27/03

  • Next message: morning_wood: "Re: Exploit for Windows RPC may be in the wild!"
    Date: Sun, 27 Jul 2003 20:42:19 +0200
    To: "Compton, Rich" <>, <>

    Yes exploits have been released (source code) and win32 compilied
    A worm is expected soon see full-disclosure tread.

    Happy patching
    Any1 with snort sig?

    -----Original Message-----
    From: Compton, Rich []
    Sent: 25 July 2003 09:46 PM

    ISPs are reporting a dramatic increase in traffic on TCP port 135. No
    exploit code has been captured as of yet but the increase in traffic on
    port probably indicates that exploit code is being executed! Block
    135 through 139 and 445!

    More info:

    -Rich Compton



  • Next message: morning_wood: "Re: Exploit for Windows RPC may be in the wild!"

    Relevant Pages

    • Re: socket error 10060
      ... On the road you will be using many different ISPs. ... inconsistent because some ISPs have not yet implemented port 25 ... Make sure your Comcast mail account settings agree with this: ... Note that the outgoing server now requires port 587 rather than port 25. ...
    • Re: How much traffic does your ISP filter by TCP port no.?
      ... ISPs for doing precisely that. ... indeed many "ISP"s never did/will offer usenet news. ... This is the result of letting the sundry and all onto The Internet. ... *think* that the Internet is nothing more than port 80 web browsing. ...
    • Re: Attempted Intrusions
      ... Assuming these are just port scans that are blocked at your firewall, ... Ask a legal expert or search ... The ISPs cannot respond to you. ...
    • Re: Holy Crap! (as Frank Barone would say), the SPAM!
      ... Actually, I would prefer if ISPs blocked port 25 for their customers - if they also have a good enough technical support system that they can distinguish between competent and knowledgeable users, ... If a user explicitly requests port 25 to unblocked, chances are that the user knows what he/she is doing. ...