Educause Security Discussion mailing list archives

A worm exploiting RPC

From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Mon, 11 Aug 2003 17:21:30 -0500

We're seeing a lot of traffic associated with this on the Abilene
backbone, and it's building steam.  You'll want to start looking at your
own netflow data right away, if you have access to it, or contact your
upstream provider.  You're looking for outgoing packets to TCP/135, and
they appear to be 48 byte packets.

M.

-- 
Mark S. Bruhn, CISSP, CISM

Chief IT Security and Policy Officer
Interim Director, Research and Educational Networking Information
Sharing and Analysis Center (ren-isac () iu edu)

Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

A worm exploiting RPC Bruhn, Mark S. (Aug 11)
- <Possible follow-ups>
- Re: A worm exploiting RPC Bruhn, Mark S. (Aug 11)
- Re: A worm exploiting RPC Jack Suess (Aug 11)
- Re: A worm exploiting RPC Phil Rodrigues (Aug 11)
- Re: A worm exploiting RPC Bruhn, Mark S. (Aug 11)
- Re: A worm exploiting RPC Phil Rodrigues (Aug 11)
- Re: A worm exploiting RPC Bruhn, Mark S. (Aug 11)