You have a complaint about the posting below:
Handlers Diary August 11th 2003
Updated August 11th 2003 17:33 EDT

RPC DCOM

This RPC DCOM worm started spreading early afternoon EDT (evening UTC). At this point, it is spreading rapidly.

********** NOTE: PRELIMINARY. Do not base your incident response solely on this writeup. **********

Increase in port 135 activity: http://isc.sans.org/images/port135percent.png

Latest update: The worm may launch a syn flood against windowsupdate.com on the 16th. (unconfirmed)

The worm uses the RPC DCOM vulnerability to propagate. Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.

Infection sequence:
1. SOURCE sends packets to port 135 tcp with a variation of dcom.c exploit to TARGET
2. this causes a remote shell on port 4444 at the TARGET
3. the SOURCE now sends the tftp get command to the TARGET, using the shell on port 4444,
4. ...
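A detection sketch for the sequence described in the posting, added here as an example and not part of the posting or of the Handlers Diary: it correlates flow records to find hosts where a tcp/135 connection was followed by tcp/4444 from the same source. The `Flow` record layout, the 60-second window, the sample records (constructed, documentation address ranges) and the assumption that the TFTP download appears as udp/69 from TARGET back to SOURCE are all assumptions of this example.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst proto dport")

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = [
    Flow(100, "192.0.2.10", "198.51.100.5", "tcp", 135),
    Flow(102, "192.0.2.10", "198.51.100.5", "tcp", 4444),
    Flow(103, "198.51.100.5", "192.0.2.10", "udp", 69),
    Flow(110, "192.0.2.10", "198.51.100.6", "tcp", 135),   # probe only
    Flow(200, "192.0.2.77", "198.51.100.7", "tcp", 4444),  # 4444 with no prior 135
    Flow(300, "192.0.2.10", "198.51.100.8", "tcp", 135),
    Flow(900, "192.0.2.10", "198.51.100.8", "tcp", 4444),  # outside the window
]

def correlate(flows, window=60):
    """Return {(source, target): stage}: the last step seen, in order, within
    `window` seconds of the tcp/135 connection.
    1 = tcp/135 from source, 2 = then tcp/4444 from source,
    3 = then udp/69 (TFTP, assumed direction) from target back to source."""
    state = {}  # (source, target) -> [stage, timestamp of the 135 connection]
    for f in sorted(flows, key=lambda f: f.ts):
        if f.proto == "tcp" and f.dport == 135:
            key = (f.src, f.dst)
            cur = state.get(key)
            # Start (or restart a stale stage-1) chain; never downgrade a hit.
            if cur is None or (cur[0] == 1 and f.ts - cur[1] > window):
                state[key] = [1, f.ts]
        elif f.proto == "tcp" and f.dport == 4444:
            cur = state.get((f.src, f.dst))
            if cur and cur[0] == 1 and f.ts - cur[1] <= window:
                cur[0] = 2
        elif f.proto == "udp" and f.dport == 69:
            cur = state.get((f.dst, f.src))  # target -> source: key is reversed
            if cur and cur[0] == 2 and f.ts - cur[1] <= window:
                cur[0] = 3
    return {pair: entry[0] for pair, entry in state.items()}

def likely_infected(flows, window=60):
    """Targets that reached at least stage 2 (shell port contacted after 135)."""
    return sorted(t for (_, t), stage in correlate(flows, window).items() if stage >= 2)

if __name__ == "__main__":
    for target in likely_infected(SAMPLE_FLOWS):
        print("investigate:", target)
```

Hosts at stage 1 only were contacted on port 135 but show no follow-up traffic; stage 2 or higher is the signal worth triaging first.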