Re: Remote DCOM call something to worry about?
From: Steven L Umbach (n9rou_at_attbi.com)
Date: 05/03/03
- Next message: C. William Gallagher: "E-mail"
- Previous message: Steven L Umbach: "Re: password problems for Outlook Express"
- In reply to: Christopher P. Winter: "Remote DCOM call something to worry about?"
- Next in thread: Christopher P. Winter: "Re: Remote DCOM call something to worry about?"
- Reply: Christopher P. Winter: "Re: Remote DCOM call something to worry about?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 03 May 2003 01:27:14 GMT
You probably have nothing to worry about - sounds like the firewall
is doing its job. You could run virus/trojan scan on your computer to double
check. However double check firewall settings. You want to set it to not
allow any connection to initiate from the internet assuming you are not
running any services on your computer that would need to allow access. I use
Kerio and have it set not to prompt for inbound attempts from the internet -
just block them, and I don't worry about them. You can go to
http://www.grc.com and run the Shields UP and Probe Ports service to get a
basic idea of if your firewall is doing its job. --- Steve
"Christopher P. Winter" <chrisw20@chrisw20.best.vwh.net> wrote in message
news:eo06bvoppmocsl6uuo2h4e4rlol7krr0ks@4ax.com...
> This is probably nothing to worry about, but I'd like to get some more
> knowledgeable opinions.
>
> On my laptop running NT4, service pack 6a, I have Norton Internet
> Security 2002, which I update weekly through Symantec's subscription
service.
>
> Fairly often, NIS pops up to notify me that it has blocked an inbound
TCP
> packet attempting to access an unused port. Less often, the popup says
that a
> remote server is attempting to access DCOM on my machine. (Not the exact
> wording.) The default option is to PERMIT the access -- probably because
NIS
> judges it a low risk. My security level is set to Medium.
>
> Usually I block it. However, on the 30th I was about to click on
> something else when the NIS window popped up. And since I have set the
cursor
> to jump to the button with the focus, this call was permitted. It accessed
> Rpcss.exe, which I know to be the Windows remote procedure call program.
> Here's the complete log entry:
>
> Date: 4/30/03 Time: 10:23:28
> This one time, the user has chosen to "permit" communications.
> Details:
> Inbound TCP connection
> Local address,service is (ampridatvir,dcom)
> Remote address,service is (217.5.68.69,2469)
> Process name is "C:\WINNT\system32\RPCSS.EXE"
>
> Using ARIN WHOIS and RIPE WHOIS, I traced the IP address to Deutsche
> Telecom AG. Since this is an ISP, the actual user could be almost anybody.
>
> So: is this, in your opinion, something I should worry about?
>
> TIA,
> Chris
- Next message: C. William Gallagher: "E-mail"
- Previous message: Steven L Umbach: "Re: password problems for Outlook Express"
- In reply to: Christopher P. Winter: "Remote DCOM call something to worry about?"
- Next in thread: Christopher P. Winter: "Re: Remote DCOM call something to worry about?"
- Reply: Christopher P. Winter: "Re: Remote DCOM call something to worry about?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
