[60360] in North American Network Operators' Group
Re: dcom worm released
daemon@ATHENA.MIT.EDU (Johannes Ullrich)
Thu Aug 7 10:39:10 2003
From: Johannes Ullrich <jullrich@euclidian.com>
Reply-To: jullrich@euclidian.com
To: Len Rose <len@netsys.com>
Cc: nanog@nanog.org
In-Reply-To: <20030807132030.GB17567@netsys.com>
Date: Thu, 07 Aug 2003 10:37:59 -0400
Errors-To: owner-nanog-outgoing@merit.edu
> To clarify -- I'm talking about a worm based around the
> exploit.
For the last few days (maybe it's a full week now), we
do see SDBot variants that include the RPC DCOM exploit.
This has so far explained the increase in RPC scan
activity. At this point, I don't think they qualify
as a 'worm'. But it's close.
http://www.dshield.org/port_report.php?port=135&recax=1&tarax=1
On the other hand, SQL Slammer is still a lot more
active at this point:
http://www.dshield.org/port_report.php?port=1434&recax=1&tarax=1
>
> On Thu, Aug 07, 2003 at 06:34:02AM -0400, Len Rose wrote:
> >
> >
> > It seems to be true.. I haven't seen any
> > code yet but--
> >
> > http://lists.netsys.com/pipermail/full-disclosure/2003-August/007717.html
--
--------------------------------------------------------------
Johannes Ullrich jullrich@euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
"We regret to inform you that we do not enable any of the
security functions within the routers that we install."
support@covad.net
--------------------------------------------------------------