|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
 |
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
|
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Dev Articles Community Forums Sponsor:
|
|
|
|
#1
August 12th, 2003, 12:03 PM
|
|||
|
|||
|
RPC DCOM Attack
If You want to check whether your server is vulnerable to RPC DCOM attack (recent ongoing attack on Windows server), download free software from:
http://www.eeye.com/html/Research/Tools/RPCDCOM.html
|
|
#2
August 13th, 2003, 03:01 AM
|
||||
|
||||
|
FYI: A lengthy registration form is required to be filled out.
I took a look at my firewall logs today - it's interesting to note that the virus only seems to be searching for addresses on the same B class (correct me if i'm wrong someone). e.g. my current IP is something like 138.130.30.1 (example only) All the hits on 135 (the port the RPC attack occurs on) all seem to come from people on 138.130.x.x
|
|
#3
August 13th, 2003, 08:32 PM
|
||||
|
||||
|
They way this worm attack has intruiged me - I just found this info about how it generates it's IPs. (for those that care
 )Quote:
|
|
#4
August 13th, 2003, 10:58 PM
|
|||
|
|||
|
I was talking to a guy who is in a cracking group and knows several hackers. He said the attack is supposed to take down the internet..the second half to start with ddos ing on the 15th.
This could all be bs..my friend has been to his house to confirm he is in a cracking group..or is good with Kazaa :P But he did tell us(a small forum group) about the attack a week before it started ..up to you guys to beleive or not 
|
|
#5
August 13th, 2003, 11:06 PM
|
||||
|
||||
|
Yup - I've heard the 16th. Apparently all the infected computers are going to attempt to connect to windows update at the same time. This will cause a few problems. One, say half a billion computers are infected - that's a **** load of traffic all attempting to make something like 20 connections each....
The other issue is that windows update will be DDOS'd. For some reason, no-one seems to be mirroring the patch, just linking to the MS site - pointless.
|
|
#6
August 13th, 2003, 11:30 PM
|
|||
|
|||
|
Quote:
Maybe..I kinda wanna see if they take them down..even for an hour. I should scan to see if I'm infected..I don't use firewall(my dad just took my router) but I did shut off the RPC service..hmm
|
|
#8
August 13th, 2003, 11:47 PM
|
|||
|
|||
|
ZA's free?..I was looking at BlackIce but I gotta pay..oh right..ZA is free for personal use
|
|
#9
August 13th, 2003, 11:52 PM
|
||||
|
||||
|
Here's the direct link to the free version of the ZoneAlarm firewall for anyone else who isn't protected: http://download.zonelabs.com/bin/fr...etup_37_202.exe
|
|
#10
August 14th, 2003, 12:01 AM
|
|||
|
|||
|
Thanks stumpy..running ZA now
|
|
#11
November 18th, 2004, 02:00 AM
|
|||
|
|||
Dont use ZA !!!
Dont use ZA, its gonna suck your RAM ! I used to have it until I found out it was using up to 80% of my processor ! No joke ! use Sygate ! hey, and that virus... I've received like at least 5 attacks a minute for the past 3 hours now ! My server sucks bad !
|
|
#12
November 22nd, 2004, 01:31 PM
|
||||
|
||||
|
I haven't had a problem with Zonealarm... although I've heard the latest version has some bugs.. don't quote me on that though.
|
|
#13
November 22nd, 2004, 01:41 PM
|
||||
|
||||
|
Quote:
........ 
|
|
| Viewing: Dev Articles Community Forums > Community > The Lizard Lounge > RPC DCOM Attack |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
