Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Code Red side effects

From: "Portnoy, Gary" <gportnoy () belenosinc com>
Date: Thu, 2 Aug 2001 08:50:26 -0400 
Correct me if I am wrong, but isn't Microsoft's implementation of RPC called
DCE RPC and if so, isn't the portmapper listening on port 135, not 111.  So,
that being said, I believe Jonathan was talking about *nix RPC, and Opus was
talking about DCE RPC.  

A slight misunderstanding...

And yes, i am seeing an increase in port 111 activity, and no activity to
port 135.

-Gary-

-----Original Message-----
From: Opus [mailto:opus () ircore com]
Sent: Wednesday, August 01, 2001 10:06 PM
To: Jonathan Rickman
Cc: incidents () securityfocus com
Subject: Re: Code Red side effects


Microsoft posted a bulletin "Malformed RPC Request Can Cause Service
Failure" on July 26th here is the url for the bulletin
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/
bulletin/ms01-041.asp

-Opus


On Wed, 1 Aug 2001, Jonathan Rickman wrote:


With all the attention focused on Code Red, am I the only one seeing a

huge

increase in RPC scans? I've logged over a hundred unique hosts in the last

4

hours.




-- 
    .~.
    /V\
   /( )\
   ^^-^^


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: