Re: How is Blaster caught?
From: Eds (callmerazor_at_hotmael.com)
Date: 08/15/03
- Next message: Nick Maclaren: "Re: Stack growth direction to thwart buffer overflow attacks"
- Previous message: Bill Unruh: "Re: Stack growth direction to thwart buffer overflow attacks"
- In reply to:(deleted message) Juergen Nieveler: "Re: How is Blaster caught?"
- Next in thread: anna keynow: "Re: How is Blaster caught?"
- Reply: anna keynow: "Re: How is Blaster caught?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Aug 2003 19:43:10 +0000 (UTC)
This explains what's happened to me, I think. I kept getting the shutdown
window, though Outpost Firewall was running. I had disabled it briefly that
day, so I thought maybe that's when I got infected, but now i think each
time I was attacked it blocked installation of the worm, but failed to
prevent the RPC crash. I haven't been able to find any sign of the worm on
my computer in any of its known variants. The MS patch has prevented the
crash reoccurring. I was worried I had an unknown variant on my PC, but
maybe Outpost did part of its job?
Not completely convinced by this, but it's a bit out of my area...
Eds
"Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message
news:Xns93D8D15EF9A14juergennieveler@nieveler-43544.user.cis.dfn.de...
> "Eds" <callmerazor@hotmael.com> wrote:
>
> > Does this mean you could experience the 60 sec shutdown window, even
> > if the worm failed to infect your computer?
>
> Yes, the shutdown is caused by the RPC service on XP crashing after
> receiving the malformed packet. MS apparently implemented this as a
> feature to make sure that machines don't suffer a DoS through malformed
> RPC requests.... after all, Rebooting always solves all problems on
> Windows ;-)
>
> The only way to prevent the shutdown from happening (apart from
> stopping the countdown manually) is to apply the patch so that the RPC
> service doesn't crash.
>
> BTW, I've heard that a couple of "Personal Firewalls" didn't protect
> against this attack - has anybody heard more about this?
>
> --
> Juergen Nieveler / juergen.nieveler@web.de / PGP supported!
> A sadist is someone who's kind to a masochist
- Next message: Nick Maclaren: "Re: Stack growth direction to thwart buffer overflow attacks"
- Previous message: Bill Unruh: "Re: Stack growth direction to thwart buffer overflow attacks"
- In reply to:(deleted message) Juergen Nieveler: "Re: How is Blaster caught?"
- Next in thread: anna keynow: "Re: How is Blaster caught?"
- Reply: anna keynow: "Re: How is Blaster caught?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
