Hi all,

This CERT alert was received this morning regarding M$ RPC attacks:

The CERT/CC is receiving reports of widespread scanning and exploitation of two recently discovered vulnerabilities in Microsoft Remote Procedure Call (RPC) Interface. ... Known exploits target TCP port 135 and create a privileged backdoor command shell on successfully compromised hosts. ... In both of the attacks described above, a TCP session to port 135 is used to execute the attack. However, access to TCP ports 139 and 445 may also provide attack vectors and should be considered when applying mitigation strategies.

Cheers,
Dave.

Dave van Leeuwen
Analyst Programmer
University of Canterbury
New Zealand

On Thu, 31 Jul 2003, [EMAIL PROTECTED] wrote:

> > I get lots of attacks aimed at that port. Also quite a large number aimed
> > at 139, 135, 57, 1433 and the rest. It seems a bit strange to set up the
> > remote management on a port which gets attacked regularly though.
>
> 135,138,139 are netbios ports. Windoze users are notorious for having
> netbios shares open.
