You have a complaint about the posting below:
Since around 7 this evening I have been seeing a 1200% !!! increase in the number of SYN packets on port 135/TCP. Network performance is slowly collapsing.

[snipza]

Handlers Diary August 11th 2003
Updated August 11th 2003 17:33 EDT

RPC DCOM

This RPC DCOM worm started spreading early afternoon EDT (evening UTC). At this point, it is spreading rapidly.

********** NOTE: PRELIMINARY. Do not base your incident response solely on this writeup. **********

Increase in port 135 activity: http://isc.sans.org/images/port135percent.png

Latest update: The worm may launch a syn flood against windowsupdate.com on the 16th. (unconfirmed)

The worm uses the RPC DCOM vulnerability to propagate. Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.

Infection sequence:

1. SOURCE sends packets to port 135 tcp with variation of dcom.c exploit ...
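
Added example, not part of the posting or of the quoted diary: a small flow-log correlator that flags hosts showing the three stages the diary names in order (a 135/tcp connection, a 4444/tcp connection from the same source, then a tftp request). The `Flow` record layout, the 120-second window, the sample addresses and the assumption that the victim itself issues the tftp request on 69/udp are illustrative choices, not details from the page.

```python
from collections import namedtuple

# Hypothetical flow record: timestamp (s), source, destination, protocol, dest port.
Flow = namedtuple("Flow", "ts src dst proto dport")

# Stages taken from the diary text: exploit on 135/tcp, shell on 4444/tcp,
# then a tftp download (69/udp is the standard tftp port).
WINDOW = 120  # seconds allowed between consecutive stages (assumed value)

def find_infection_chains(flows, window=WINDOW):
    """Return sorted (source, victim) pairs that show all three stages in order."""
    exploit = {}  # (src, victim) -> time of the latest 135/tcp connection
    shell = {}    # (src, victim) -> time of a 4444/tcp connection after the exploit
    hits = set()
    for f in sorted(flows, key=lambda f: f.ts):
        if f.proto == "tcp" and f.dport == 135:
            exploit[(f.src, f.dst)] = f.ts
        elif f.proto == "tcp" and f.dport == 4444:
            t0 = exploit.get((f.src, f.dst))
            if t0 is not None and f.ts - t0 <= window:
                shell[(f.src, f.dst)] = f.ts
        elif f.proto == "udp" and f.dport == 69:
            # Assumption: the victim issues the tftp request itself.
            for (src, victim), t1 in shell.items():
                if victim == f.src and f.ts - t1 <= window:
                    hits.add((src, victim))
    return sorted(hits)

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    Flow(100, "192.0.2.10", "10.0.0.5", "tcp", 135),
    Flow(101, "192.0.2.10", "10.0.0.6", "tcp", 135),    # probed only, no follow-up
    Flow(103, "192.0.2.10", "10.0.0.5", "tcp", 4444),
    Flow(105, "10.0.0.5", "192.0.2.10", "udp", 69),     # completes the chain
    Flow(200, "10.0.0.7", "10.0.0.9", "udp", 69),       # tftp with no earlier stages
    Flow(300, "198.51.100.4", "10.0.0.8", "tcp", 4444), # 4444 without a 135 hit
    Flow(301, "10.0.0.8", "198.51.100.4", "udp", 69),
]

if __name__ == "__main__":
    for src, victim in find_infection_chains(SAMPLE_FLOWS):
        print(f"likely infected: {victim} (exploited from {src})")
```

Hosts that only receive 135/tcp probes are not reported, so the output separates machines that were scanned from machines that need cleanup and patching.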