Not to be left out ...

Donald Murdoch dmurdoch at odu.edu
Tue Aug 12 19:20:43 GMT 2003


Hi all.

We have two people actively monitoring the DMZ network - one is watching a
TCPDUMP trace for any system connecting to port 135, and the other one is
monitoring a snort sensor specifically configured with the two RPC DCOM
vulnerabilities.
Today - spent a bunch of time in a lab, looking ....
Shut down 2 IPs attempting to infect the world ....
Blocking known ports at the outermost point ..... (135-139, 445, etc).
Considering a tactical investment in Jolt Cola stock for the next 2
weeks.... but my broker won't call me back!

I did discover a misguided RPC service on a Linux system as a side effect.

-=-=-==-==-=-=-==-=-==-=-==-=-==-=-=-=-==-=-=-
Don Murdoch, CISSP, GCIA, MCSE, MCSD
Information Systems Security Officer
Tel: 757-683-4580    Office of Computing and Communications Services
Fax: 757-683-5155    Old Dominion University - Norfolk, Virginia. USA
This signature block is not a digital signature under UETA.  If you
received this message in error, inform the sender and delete it.




