There seems to be a massive denial of service attack going on

From: Mark Jerome (mdjerome_at_hotmail.com)
Date: 08/11/03


Date: Mon, 11 Aug 2003 16:47:56 -0400


I too am seeing many of my clients remote PC's going down with this same RPC
and COM+ errors. The NT Authority auto shutdown that everyone is talking
about.

Basically all our users behind a firewall are not experiencing this problem.
Remote users that acces the interent and then come to our servers by way of
terminal connection are dropping like flies.
We have lost many systems today all going down one after another.

These remote systems, since they use slow dialup were not patched against
this RPC exploit. We are trying to now but MS site seems swamped and we are
unable. Fortunately these people can stay up because they can RAS into our
firewalled site and then user their browser to get the update. Users that
only have internet access can not stay up long enough to get updates.

All systems affected have the MSBlast.exe file that some poeple have talked
about.

Does any security person know whats going on?

How is the DOS working? Where is it coming from? Any word from Symantec or
Macafee on what msblast.exe is and what other files may have been affected?



Relevant Pages

  • Re: There seems to be a massive denial of service attack going on
    ... > Install or enable a firewall immediately. ... >> Remote users that acces the interent and then come to our servers by ... >> this RPC exploit. ... >> firewalled site and then user their browser to get the update. ...
    (microsoft.public.windowsxp.security_admin)
  • temporary fix for Windows rebooting with RPC message
    ... A possible temporary fix for the rebooting Windows machine with the RPC ... Remote Access Auto Connection Manager ... First select the Remote Access Connection Manager with the secondary ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Exchange 2003 with 3 locations...
    ... I have not studied the rpc over http bandwidth consumption before. ... >> 200 users is a lot for the full client on a T1 even with cached mode. ... >> Might want to look into mailbox servers at the remote sites... ... >> Windows Server MVP ...
    (microsoft.public.exchange2000.general)
  • There seems to be a massive denial of service attack going on
    ... hole the virus is getting in through. ... >I too am seeing many of my clients remote PC's going down ... with this same RPC ... >firewalled site and then user their browser to get the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Remote procedure call
    ... run the "Remote Procedure Call" service despite the fact that I don't allow anybody access to my computer via remote help? ... John, thanks for replying. ... Yes, I'm aware that RPC handles calls between processes and services, but it seems to me that inner-computer calls could be handled discretely from inter-computer calls. ... NT systems are client/server systems, a process that makes a request to another process is a client and the process that responds to the request is a server, the the interprocess communication can be local or across a network, they're all client/server transactions. ...
    (microsoft.public.windowsxp.general)