This worm is amazing. I have only had filters in place for about 4.5 hours and I am already approaching 100 million matches for the deny tcp/135 across my network. Of that, only one customer has said that they needed 135 open for legimate use (probably more, but I have only heard from the one).
Sean P. Crandall VP Engineering Operations MegaPath Networks Inc. Pleasanton, CA (925) 201-2530 > -----Original Message----- > From: McBurnett, Jim [mailto:[EMAIL PROTECTED] > Sent: Monday, August 11, 2003 7:45 PM > To: John Palmer; [EMAIL PROTECTED] > Subject: RE: RPC errors > > > > over 24 hours.. started block suday afternoon... > deny tcp any any eq 445 log (256936 matches) > deny udp any any eq 445 log (1 match) > deny tcp any any eq 135 (6984433 matches) > deny udp any any eq 135 (147654 matches) > deny udp any any eq netbios-ss > deny tcp any any eq 139 log (378289 matches) > > -----Original Message----- > From: John Palmer [mailto:[EMAIL PROTECTED] > Sent: Monday, August 11, 2003 8:28 PM > To: [EMAIL PROTECTED] > Subject: Re: RPC errors > > > > > 45 seconds: > > deny tcp any any eq 135 (5445 matches) > deny tcp any any eq 137 > deny tcp any any eq 138 > deny tcp any any eq 139 > deny tcp any any eq 445 (207 matches) > > ----- Original Message ----- > From: "Randy Bush" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, August 11, 2003 18:52 > Subject: Re: RPC errors > > > > > > must be fun out there on the net today. one minute of counter > > accumulation > > > > deny tcp any any eq 135 (5721 matches) > > deny tcp any any eq 137 > > deny tcp any any eq 138 > > deny tcp any any eq 139 (17 matches) > > deny tcp any any eq 445 (1137 matches) > > > > randy > > > > > > >
