Home page logo

nanog logo nanog mailing list archives

RE: RPC errors
From: Mike Damm <MikeD () irwinresearch com>
Date: Mon, 11 Aug 2003 14:26:40 -0700

The DCOM exploit that is floating around crashes the Windows RPC service
when the attacker closes the connection to your system after a successful
attack. Best bet is to assume any occurrence of crashing RPC services to be
signs of a compromised system until proven otherwise.



Michael Damm, MIS Department, Irwin Research & Development
V: 509.457.5080 x298 F: 509.577.0301 E: miked () irwinresearch com

-----Original Message-----
From: Jack Bates [mailto:jbates () brightok net] 
Sent: Monday, August 11, 2003 1:12 PM
Subject: RPC errors

I'm showing signs of an RPC sweep across one of my networks that's 
killing some XP machines (only XP confirmed). How wide spread is this at 
this time. Also, does anyone know if this is just generating a DOS 
symptom or if I should be looking for backdoors in these client systems?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]