RE: Exploit for Windows RPC may be in the wild!

From: Eric Appelboom (eric_at_mweb.com)
Date: 07/27/03

    Date: Sun, 27 Jul 2003 20:42:19 +0200
    To: "Compton, Rich" <RCompton@chartercom.com>, <incidents@securityfocus.com>
    
    

     
    Yes, exploits have been released (source code) and win32 compiled
    binaries.
    A worm is expected soon; see the full-disclosure thread.

    Happy patching
    Anyone with snort sig?

    -----Original Message-----
    From: Compton, Rich [mailto:RCompton@chartercom.com]
    Sent: 25 July 2003 09:46 PM
    To: incidents@securityfocus.com

    FYI,
    ISPs are reporting a dramatic increase in traffic on TCP port 135. No
    exploit code has been captured as of yet but the increase in traffic on
    this port probably indicates that exploit code is being executed! Block
    ports 135 through 139 and 445!

    More info:
    http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

    -Rich Compton
