[THIN] Re: *** RPC ALERT *** We got hit.

• To: <thin@xxxxxxxxxxxxx>
• Date: Fri, 1 Aug 2003 11:21:52 -0400

Don't you just love it when we find out about this stuff on Friday?
$%^&*(

 

--Brian

-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx]
Sent: Friday, August 01, 2003 11:22 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: *** RPC ALERT *** We got hit.


John,

Excellent point.

Brought that one up today as a possibility. I wasn't actually aware it
was a truth. 

Good info.

-----Original Message-----
From: John Twilley [mailto:John.Twilley@xxxxxxxxxxxxxxxxxxxxx] 
Sent: Friday, August 01, 2003 11:15 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: *** RPC ALERT *** We got hit.


Once a single PC in the company has the exploit... It is coming from
inside.

Hackers are creating trojans / other packages to trigger this..

It is not just a "hide port 135" thing.

John types (as he updates 3000 + workstations)

 

-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx] 
Sent: Friday, August 01, 2003 11:06 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: *** RPC ALERT *** We got hit.

John,

Basic FW filtering should mitigate this relatively effectively?

-----Original Message-----
From: John Twilley [mailto:John.Twilley@xxxxxxxxxxxxxxxxxxxxx]
Sent: Friday, August 01, 2003 11:00 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] *** RPC ALERT *** We got hit.
Importance: High

 
Just a heads up...
You all have heard on the RPC exploit that effects Win NT/2000/XP/2003.

We just got a taste of it in our Italy office...and it is BAD!  VERY
BAD.


Win XP / 2000 / 2003

You will notice that the DEFAULT recover setting for the RPC service is
to
(Drum-Roll)
RESTART the server after 1 minute.

Guess what, it does.   
Server restarts every couple of minutes. 

WOW.

Take it from me... PATCH EVERYTHING NOW.   Yes.  Everything.

More Details.
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulleti
n/MS
03-026.asp

********************************************************
This weeks sponsor - RTOSoft TScale
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server
capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use
the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This weeks sponsor - RTOSoft TScale
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server
capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use
the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This weeks sponsor - RTOSoft TScale 
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This weeks sponsor - RTOSoft TScale 
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This weeks sponsor - RTOSoft TScale 
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts:

• » [THIN] *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.
• » [THIN] Re: *** RPC ALERT *** We got hit.

1. Home
2. thin
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---