[Dshield] Randex.E from Symantec

Jon R. Kibler Jon.Kibler at aset.com
Wed Aug 13 20:20:22 GMT 2003

Paul Marsh wrote:
> http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.e.html


Symantec claims:
> Distribution
>   Ports: TCP 113, TCP 4444, UDP 69
>   Target of infection: Machines with vulnerable DCOM RPC Services running.

Port 113 -- AUTH -- can't block that one easily. If you do so, most mail connections will hang for about 90 to 180 seconds before timing out their IDENT request and then proceeding.

Not good.

I wonder if this poses any risk to corruption of IDENTD or PIDENTD servers?

Thoughts anyone?

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA
