[60423] in North American Network Operators' Group
RE: RPC errors
daemon@ATHENA.MIT.EDU (Sean Crandall)
Tue Aug 12 00:39:53 2003
From: Sean Crandall <sean@megapath.net>
To: nanog@merit.edu
Date: Mon, 11 Aug 2003 21:39:06 -0700
Errors-To: owner-nanog-outgoing@merit.edu
This worm is amazing. I have only had filters in place for about 4.5 hours
and I am already approaching 100 million matches for the deny tcp/135 across
my network. Of that, only one customer has said that they needed 135 open
for legimate use (probably more, but I have only heard from the one).
Sean P. Crandall
VP Engineering Operations
MegaPath Networks Inc.
Pleasanton, CA
(925) 201-2530
> -----Original Message-----
> From: McBurnett, Jim [mailto:jmcburnett@msmgmt.com]
> Sent: Monday, August 11, 2003 7:45 PM
> To: John Palmer; nanog@merit.edu
> Subject: RE: RPC errors
>
>
>
> over 24 hours.. started block suday afternoon...
> deny tcp any any eq 445 log (256936 matches)
> deny udp any any eq 445 log (1 match)
> deny tcp any any eq 135 (6984433 matches)
> deny udp any any eq 135 (147654 matches)
> deny udp any any eq netbios-ss
> deny tcp any any eq 139 log (378289 matches)
>
> -----Original Message-----
> From: John Palmer [mailto:nanog@adns.net]
> Sent: Monday, August 11, 2003 8:28 PM
> To: nanog@merit.edu
> Subject: Re: RPC errors
>
>
>
>
> 45 seconds:
>
> deny tcp any any eq 135 (5445 matches)
> deny tcp any any eq 137
> deny tcp any any eq 138
> deny tcp any any eq 139
> deny tcp any any eq 445 (207 matches)
>
> ----- Original Message -----
> From: "Randy Bush" <randy@psg.com>
> To: <nanog@merit.edu>
> Sent: Monday, August 11, 2003 18:52
> Subject: Re: RPC errors
>
>
> >
> > must be fun out there on the net today. one minute of counter
> > accumulation
> >
> > deny tcp any any eq 135 (5721 matches)
> > deny tcp any any eq 137
> > deny tcp any any eq 138
> > deny tcp any any eq 139 (17 matches)
> > deny tcp any any eq 445 (1137 matches)
> >
> > randy
> >
> >
> >
>
