Funny (or not), but I had a 'RPC Crash - Windows will shut down in 60 seconds' (something similar) last night, and I am behind a SW Tele3 with no other computers on my LAN (none on at the time) and deny all services from the WAN, yet I still got what looked like blaster. I know I was patched to the gills, and I have since run Full system scans, checked the system dir', registry, etc. and am completely (known) virus free. I've even run several removal tools to verify - nothing shows.
Since I'm not exactly sure what the warning is supposed to really look like, I'm wondering if I maybe saw a Pop-up of some sort designed to spoof the virus infection. I know that the RPC warning was through a window - cause I accidentally expanded it to full screen - prior to closing it before the 60 seconds finished. Again, not sure how the virus should have behaved... Any ideas???

Q. Would: " DENY * > * 'RPC Service' " be as effective as the (2) below rules - in one rule, or should they be separated into LAN and WAN rules like below?

Thanks,
Greg

-----Original Message-----
From: Darrell Shandrow [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 9:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [SonicWALL]- Cache Full

Hi David,

I don't think that first rule, deny * > RPC, should be necessary since everything is already denied inbound from the WAN unless it has already been opened in the state table from inside the LAN. The second rule could sure help if something in your LAN has somehow gotten infected. The question is, how could that happen? One possible answer that does not point to the SonicWALL could be the connection of laptops that are also connected to unprotected networks in other locations, such as when dialing up from remote locations or on an unprotected home network.

Darrell Shandrow - Shandrow Communications!
Technology consultant/instructor, network/systems administrator!
A+, CCNA, Network+!
Check out high quality telecommunications services at http://ld.net/?nu7i
All the best to coalition forces carrying out Operation Iraqi Freedom!

----- Original Message -----
From: "David McRell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 13, 2003 8:57 PM
Subject: Re: [SonicWALL]- Cache Full

> OK. Now I've got rules.
>
> DENY * > WAN 'RPC Service'
> DENY WAN > * 'RPC Service'
>
> Consider that my existing rules deny ALL incoming WAN connections except for
> a few IPs and small ranges. Goes to show that was not an effective defense.
> Now I realize that to deny all ports except the ones we need is impossible -
> or is it?
>
> This Microsoft Windows might really catch on someday. :-)
>
> on 8/11/2003 12:42 PM, David McRell at [EMAIL PROTECTED] wrote:
>
> > Hello, SW List.
> >
> > Has anyone seen this, yet?
> >
> > 'The cache is full; 3072 open connections; some will be dropped'
> >
> > I guess I'm wondering about new exploits. A PC running XP Pro was
> > generating lots of outgoing connections to port 135 when this happened. The
> > destination addresses all resided within 93.130.0.0/16.
>
> --
> David McRell
>
> ---
> [This E-mail scanned for viruses by Declude/F-Prot AV]
>
> To unsubscribe, send email to [EMAIL PROTECTED] In the body of the
> email put the following: unsubscribe sonicwall your_name
> The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
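
Added example, not part of the original thread: one way to spot the behaviour David describes (a LAN host opening many outbound connections to port 135) from a dump of the firewall's connection table. The (source, destination, port) tuple format, the 192.168.1.0/24 LAN range, the threshold of 50 and all sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed LAN range (not given in the thread)
RPC_PORT = 135                       # port named in the thread
CACHE_LIMIT = 3072                   # connection limit quoted in the firewall warning
FANOUT_THRESHOLD = 50                # assumed alert threshold


def rpc_fanout(conns, lan=LAN, port=RPC_PORT):
    """Map each LAN source to the set of non-LAN destinations it contacts on `port`."""
    targets = defaultdict(set)
    for src, dst, dport in conns:
        if dport == port and ip_address(src) in lan and ip_address(dst) not in lan:
            targets[src].add(dst)
    return targets


def suspects(conns, threshold=FANOUT_THRESHOLD):
    """Return (source, distinct targets, share of cache) for hosts at or over threshold."""
    rows = [
        (src, len(dsts), len(dsts) / CACHE_LIMIT)
        for src, dsts in rpc_fanout(conns).items()
        if len(dsts) >= threshold
    ]
    return sorted(rows, key=lambda r: r[1], reverse=True)


def sample_table():
    """Constructed sample: one host sweeping 93.130.0.0/16, one host browsing normally."""
    conns = [
        ("192.168.1.20", f"93.130.{i // 250}.{i % 250 + 1}", 135) for i in range(600)
    ]
    conns += [
        ("192.168.1.10", "198.51.100.7", 80),
        ("192.168.1.10", "198.51.100.7", 443),
        ("192.168.1.10", "192.168.1.5", 135),  # LAN-internal RPC is not counted
    ]
    return conns


if __name__ == "__main__":
    for src, count, share in suspects(sample_table()):
        print(f"{src}: {count} distinct outbound tcp/135 targets, "
              f"{share:.0%} of the connection cache")
```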
