Re: There seems to be a massive denial of service attack going on

From: Mark Jerome (mdjerome_at_hotmail.com)
Date: 08/12/03 

Date: Tue, 12 Aug 2003 09:45:11 -0400

Well advise is sound but flawed. TO fix the computers we need the patch and
we need acces to get the NAV updates. Problems right now is how STUPID MS is
doing this and how unpapared they are. I can only find the patch through MS
update and NOT as a single file download. THis has immense consequences

Also for sites where we have lots of users on broadband our problem is that
MS has not provided this patch as a file which is utterly stupid!!! What
we all want to do is download ONE FILE. Then disconnect the entire site from
the internet. Then apply the patch to all the computers.

The way it is now we have to have each and every PC hit the internet to get
this patch. MS site is so bogged down it takes for ever. Before any patch
can be complete the PC's are getting nailed with this BUG. this is a viciuos
cycle we can't seem to get out of. Does anyone know where this stupid patch
can be downloaded as a file???

"Jupiter Jones [MVP]" <jones_jupiter@hotnomail.com> wrote in message
news:%23PsBqeFYDHA.1620@TK2MSFTNGP12.phx.gbl...
> Mark;
> First, IMMEDIATELY disconnect from the internet before a "friend"
> leaves a gift on your computer for you.
> DO NOT reconnect until this issue is resolved.
>
> Install or enable a firewall immediately.
> http://support.microsoft.com/?kbid=283673
>
> Run an updated virus scan.
> Or Scan for Viruses online:
>
http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=IRLFIZTYMWPAZTJWUFJ
>
> Also be sure to update immediately to prevent this in the future:
> http://windowsupdate.microsoft.com/
>
> This will tell you more:
> http://www.microsoft.com/security/security_bulletins/ms03-026.asp
>
> --
> Jupiter Jones [MVP]
> An easier way to read newsgroup messages:
> http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
> http://dts-l.org/index.html
>
>
> "Mark Jerome" <mdjerome@hotmail.com> wrote in message
> news:eavdZnEYDHA.2548@TK2MSFTNGP09.phx.gbl...
> > I too am seeing many of my clients remote PC's going down with this
> same RPC
> > and COM+ errors. The NT Authority auto shutdown that everyone is
> talking
> > about.
> >
> >
> > Basically all our users behind a firewall are not experiencing this
> problem.
> > Remote users that acces the interent and then come to our servers by
> way of
> > terminal connection are dropping like flies.
> > We have lost many systems today all going down one after another.
> >
> > These remote systems, since they use slow dialup were not patched
> against
> > this RPC exploit. We are trying to now but MS site seems swamped and
> we are
> > unable. Fortunately these people can stay up because they can RAS
> into our
> > firewalled site and then user their browser to get the update. Users
> that
> > only have internet access can not stay up long enough to get
> updates.
> >
> > All systems affected have the MSBlast.exe file that some poeple have
> talked
> > about.
> >
> > Does any security person know whats going on?
> >
> > How is the DOS working? Where is it coming from? Any word from
> Symantec or
> > Macafee on what msblast.exe is and what other files may have been
> affected?
> >
> >
> >
>
>

Relevant Pages