Off topic: This won't help much at all. Windows 2000/XP run Microsoft SMB over TCP on 445 as well (reduced overhead then 135/etc, no NetBIOS layer). When a client tries to connect to a remote host for file/print sharing/etc it connects on both ports 135 and 445, if a response is recieved from port 445 it drops the connection to 135. THe attack works quite well against client systems using port 445. If Cox blocks both ports 135 and 445 that will be semi-effective (except of course for internal users who spread a worm/etc, such as laptops that move around). THis may block a few of the more stupid attacks but not for long.
Kurt Seifried, [EMAIL PROTECTED] A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
