RPC DCOM exploit

From: Peter Fry (paf_at_haxed.net)
Date: 07/31/03

  • Next message: Justin Pryzby: "Re: Scan of TCP 552-554"
    Date: Thu, 31 Jul 2003 10:54:53 -0700 (PDT)
    To: <incidents@securityfocus.com>
    
    

    We had what looks like an exploit for this vulnerability go around our
    office network and only one machine was (seriously) affected. Somone
    managed to get the machine to start spamming random IPs with what looked
    like the exploit, sending out about 700 RPC pings per second. About the
    same time, we had a NET SEND
    message pop up on our windows boxen advertizing www.freeautobot.com.
    Could this be a new tactic to propigate their spamulous message prompts?

    Peter

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Justin Pryzby: "Re: Scan of TCP 552-554"