Re: There seems to be a massive denial of service attack going on

From: Jupiter Jones [MVP] (jones_jupiter_at_hotnomail.com)
Date: 08/12/03


Date: Mon, 11 Aug 2003 16:26:49 -0600


Mark;
First, IMMEDIATELY disconnect from the internet before a "friend"
leaves a gift on your computer for you.
DO NOT reconnect until this issue is resolved.

Install or enable a firewall immediately.
http://support.microsoft.com/?kbid=283673

Run an updated virus scan.
Or Scan for Viruses online:
http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=IRLFIZTYMWPAZTJWUFJ

Also be sure to update immediately to prevent this in the future:
http://windowsupdate.microsoft.com/

This will tell you more:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp

-- 
Jupiter Jones  [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://dts-l.org/index.html
"Mark Jerome" <mdjerome@hotmail.com> wrote in message
news:eavdZnEYDHA.2548@TK2MSFTNGP09.phx.gbl...
> I too am seeing many of my clients' remote PCs going down with these
> same RPC and COM+ errors. The NT Authority auto shutdown that everyone
> is talking about.
>
>
> Basically all our users behind a firewall are not experiencing this
> problem. Remote users that access the internet and then come to our
> servers by way of terminal connection are dropping like flies.
> We have lost many systems today all going down one after another.
>
> These remote systems, since they use slow dialup were not patched
> against this RPC exploit. We are trying to now but MS site seems
> swamped and we are unable.  Fortunately these people can stay up
> because they can RAS into our firewalled site and then use their
> browser to get the update. Users that only have internet access can
> not stay up long enough to get updates.
>
> All systems affected have the MSBlast.exe file that some people have
> talked about.
>
> Does any security person know what's going on?
>
> How is the DOS working? Where is it coming from? Any word from
> Symantec or McAfee on what msblast.exe is and what other files may
> have been affected?