Educause Security Discussion mailing list archives
A worm exploiting RPC
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Mon, 11 Aug 2003 17:21:30 -0500
We're seeing a lot of traffic associated with this on the Abilene backbone, and it's building steam. You'll want to start looking at your own netflow data right away, if you have access to it, or contact your upstream provider. You're looking for outgoing packets to TCP/135, and they appear to be 48 byte packets.

M.

--
Mark S. Bruhn, CISSP, CISM
Chief IT Security and Policy Officer
Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu)
Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
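An added example, not part of the original message: one way to run the check described above (outgoing TCP/135 flows made of 48-byte packets) over exported flow records. The CSV column layout, the internal address range, the `min_targets` threshold and all sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real traffic); column layout is assumed.
SAMPLE_FLOWS = """src,dst,proto,dport,packets,bytes
10.1.2.3,192.0.2.10,6,135,1,48
10.1.2.3,192.0.2.11,6,135,1,48
10.1.2.3,198.51.100.20,6,135,1,48
10.1.2.3,203.0.113.4,6,135,2,96
10.1.2.9,192.0.2.50,6,135,1,48
10.1.5.5,192.0.2.60,6,135,12,2400
10.1.7.7,192.0.2.80,6,80,1,48
198.51.100.7,10.1.2.3,6,135,1,48
"""

# Assumed campus address space; replace with your own prefixes.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_scanners(flow_csv, min_targets=3):
    """Return {internal source: distinct external TCP/135 targets} for
    sources whose outgoing flows consist of 48-byte packets."""
    targets = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        packets, nbytes = int(row["packets"]), int(row["bytes"])
        if row["proto"] != "6" or row["dport"] != "135":
            continue                      # only TCP to port 135
        if not is_internal(row["src"]) or is_internal(row["dst"]):
            continue                      # only outgoing traffic
        if packets == 0 or nbytes != 48 * packets:
            continue                      # only flows of 48-byte packets
        targets[row["src"]].add(row["dst"])
    # Many distinct targets suggests scanning; the threshold is a tunable assumption.
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for src, count in sorted(find_scanners(SAMPLE_FLOWS).items()):
        print(f"{src}: {count} distinct external TCP/135 targets")
```
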