Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: RPC DCOM exploit
.

  • To: "Barry Fitzgerald" <[EMAIL PROTECTED]>, "Peter Fry" <[EMAIL PROTECTED]>
  • Subject: Re: RPC DCOM exploit
  • From: "morning_wood" <[EMAIL PROTECTED]>
  • Date: Mon, 4 Aug 2003 08:16:34 -0700
  • Cc: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
.
 
>
> Hmm...
>
> I haven't seen system log corruption, yet.  I'll have to keep my eye out
> for that.
>

Neither have I

>
> In my latest tests, I've gotten failed processes on Windows 2000 SP2
> boxen but Windows 2000 SP3/4 boxen have functioned properly after the
> attack - with the attack only working once until a reboot occurs.
>
>        -Barry
>
>
I still see mixed results in testing XP versions from 60 sec reboots no
none, some reboot 60 secs after you exit shell, some dont.
proally the best thing is to actually patch, firewall and mabey run a
border IDS looking for the signatures I published.

Donnie
http://32-labs.com
http://exploitlabs.com




---------------------------------------------------------------------------
----------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.