Quoth Matthew Carpenter:
IIRC, it's 135, the RPC port.
It exploits a vulnerability on TCP port 135, used by DCOM RPC services. You should also block TCP ports 138, 445, 593, 4444 and UDP port 69 (TFTP).
You should block *every* port that doesn't absolutely, positively have to be exposed to the Internet.
Michael
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
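An added example, not part of the original thread: a shell check that applies both points above to a host's listening sockets, flagging anything reachable off-host that is not on an explicit allowlist and marking the ports named in the post. The `audit_listeners` function, the `tcp/22` allowlist and the sample `ss -tuln` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening sockets against a default-deny allowlist.
# POST_PORTS holds the ports named in the post; all other values are constructed.
POST_PORTS="tcp/135 tcp/138 tcp/445 tcp/593 tcp/4444 udp/69"

# audit_listeners ALLOWLIST   (reads `ss -tuln`-style text on stdin)
# Prints one line per non-loopback listener that is not in ALLOWLIST:
#   <proto>/<port> <address> <reason>
audit_listeners() {
    awk -v allow="$1" -v named="$POST_PORTS" '
    BEGIN {
        n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
        n = split(named, b, " "); for (i = 1; i <= n; i++) bad[b[i]] = 1
    }
    $1 == "tcp" || $1 == "udp" {
        port = $5; sub(/.*:/, "", port)       # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)   # text before the last colon
        # Loopback-only listeners are not reachable from the network.
        if (addr ~ /^127\./ || addr == "[::1]") next
        key = $1 "/" port
        if (key in ok) next                   # explicitly allowed to be exposed
        print key, addr, ((key in bad) ? "named-in-post" : "not-allowlisted")
    }'
}

# Constructed sample input, in the layout printed by `ss -tuln`.
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:69         0.0.0.0:*
tcp   LISTEN 0      128    [::]:8080          [::]:*'

# Only SSH is meant to be reachable in this constructed scenario.
printf '%s\n' "$SAMPLE" | audit_listeners "tcp/22"
```

On a live host, pipe `ss -tuln` into `audit_listeners` with the services that genuinely must be exposed; every line it prints is a candidate for a firewall rule or for shutting the service down.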
