The deny rule you show would deny RPC from LAN to LAN, too. That will stop its spread on your network, but doesn't Windows need it on the LAN?
As I understand it, the moment you see the 'RPC shut down' is the indication that the buffer overflow occurred, leaving the PC vulnerable, and it is then that the code installs itself. Funny, but in my case, the worm never got to the other PCs on the LAN. I only have four or five to worry about, thankfully. Regards -- David on 8/14/2003 11:18 PM, Gregory O'Strander at [EMAIL PROTECTED] wrote: > Funny (or not), but I had a 'RPC Crash - Windows will shut down in 60 > seconds' (something similar) last night, and I am behind a SW Tele3 with > no other computers on my LAN (none on at the time) and deny all services > from the WAN, yet I still got what looked like blaster. I know I was > patched to the gills, and I have since run Full system scans, checked > the system dir', registry, etc. and am completely (known) virus free. > I've even run several removal tools to verify - nothing shows. > > Since I'm not exactly sure what the warning is supposed to really look > like, I'm wondering if I maybe saw a Pop-up of some sort designed to > spoof the virus infection. I know that the RPC warning was through a > window - cause I accidentally expanded it to full screen - prior to > closing it before the 60 seconds finished. > > Again, not sure how the virus should have behaved... > > Any ideas??? > > Q. Would: > > " DENY * > * 'RPC Service' " be as effective as the (2) below rules - > in one rule, or should they be separated into LAN and WAN rules like > below? --- [This E-mail scanned for viruses by Declude/F-Prot AV] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
