No, they weren't affected...Unix boxes. RPC in the Win32 world works differently than RPC in the UNIX world. On the windows side of the house, RPC communicates through port 135 (which the virus targetted). In UNIX, RPC is used through a helper service called Portmap, which runs on TCP port 111. But Portmap only tells the requesting host which TCP port the actual RPC service is bound to. This is because a majority of RPC services are bound to a dynamic port on startup. On top of that, the Win32 exploit wouldn't have worked because UNIX can't natively run Win32 code (which the virus was using as a payload). Plus, the method it was exploiting the windows machines wouldn't have worked if it talked to a UNIX RPC service anyways, because the particular overflow wouldn't have been present in the program. Mike -----Original Message----- From: Frederic Giroux [mailto:fgiroux@xxxxxxxxxxxxxx] Sent: Wednesday, August 20, 2003 10:01 AM To: [ExchangeList] Subject: [exchangelist] RE: New Poll on MSExchange.org http://www.MSExchange.org/ Mike Dufoe said... 2000 but after this last outbreak from MS (RPC), my CEO's want me to find another product as they say they can't have down time like this and why should we pay thousands of $$$ for this ???? I am sorry to disagree with your CEO. I do have some empathy for lay people that are affected by Blaster and others of the sort since they do not have the training (or they simply don't care) to realize the importance of upgrading and maintaining systems up-to-date. However, I have much less empathy for SysAdmins that are suppose to know what they are doing. The RPC bug is only another problem in a long list of problems that affect ANY OS. Linux, UNIX and others do have problems and sometimes those problems remain unfixed for a long time of the SysAdmin do not upgrade their systems (recall the BIND bug). I am not a MS fan per say. I respect every OS the way it has to be respected. After years of development, Windows is finally (with 2000) a stable platform that deserves to be in the major leagues. What makes the differences between Windows and other OSes is that Windows is more "democratic" so lots of "wannabe" SysAdmin try it thinking they can easily manage it. This is lack of respect and they eventually have to pay for it. My point is that if you maintain your system up-to-date, manage the firewall properly and do administrative tasks (such as checking your antivirus), you will be able to avoid problems such as the ones caused by Blaster. Of course, all systems have flaws that an intruder can get through (if it can be found). In conclusion, my point is that it is easy to blame Windows and/or Microsoft. Before doing that, start thinking about what YOU could have done to prevent problems and, most of the time, you will realize that you made a mistake along the road. If you switch product, you will realize that they also have their flaws. Frederic Giroux ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: dufoem@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')