Re: There seems to be a massive denial of service attack going on
From: Jupiter Jones [MVP] (jones_jupiter_at_hotnomail.com)
Date: Mon, 11 Aug 2003 16:26:49 -0600
First, IMMEDIATELY disconnect from the internet before a "friend"
leaves a gift on your computer for you.
DO NOT reconnect until this issue is resolved.
Install or enable a firewall immediately.
Run an updated virus scan.
Or Scan for Viruses online:
Also be sure to update immediately to prevent this in the future:
This will tell you more:
-- Jupiter Jones [MVP] An easier way to read newsgroup messages: http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp http://dts-l.org/index.html "Mark Jerome" <firstname.lastname@example.org> wrote in message news:eavdZnEYDHA.2548@TK2MSFTNGP09.phx.gbl... > I too am seeing many of my clients remote PC's going down with this same RPC > and COM+ errors. The NT Authority auto shutdown that everyone is talking > about. > > > Basically all our users behind a firewall are not experiencing this problem. > Remote users that acces the interent and then come to our servers by way of > terminal connection are dropping like flies. > We have lost many systems today all going down one after another. > > These remote systems, since they use slow dialup were not patched against > this RPC exploit. We are trying to now but MS site seems swamped and we are > unable. Fortunately these people can stay up because they can RAS into our > firewalled site and then user their browser to get the update. Users that > only have internet access can not stay up long enough to get updates. > > All systems affected have the MSBlast.exe file that some poeple have talked > about. > > Does any security person know whats going on? > > How is the DOS working? Where is it coming from? Any word from Symantec or > Macafee on what msblast.exe is and what other files may have been affected? > > >