I have a WatchGuard SOHO protecting my Qube, I just decided to tell the WatchGuard to blatantly go and deny anything that tries to go in or out on that port - so I wish the worm the best of luck in trying to infect me. And if my network does get infected, it'll at least be contained.
Regards, James Nesbitt -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Graeme Fowler Sent: Wednesday, August 13, 2003 01:45 To: [EMAIL PROTECTED] Subject: RE: [cobalt-security] W32/Lovsan.worm Attacking Port 135 On 12 August 2003 18:22, Rex Gaylord wrote: > Is anybody else getting attacks on Port 135 that is related to this > new virus and do you know if we are vulnerable. It looks like it only > infects windows machines to me so far? 1. Yes 2. No [see below] 3. Indeed, it is another worm exploiting another vulnerability in the underlying Windows subsystems (this time it's the RPC subsystem, crucial to normal operation). [note] If you're running a publically-accessible Samba server (on a Qube, for example), it _might_ cause a local service DoS if it manages to make the daemon crash. It won't, however, exploit it since the hole is in Windows, not Samba, code. Graeme _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
