Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Get that firewall up!
view: topics flat text 
Post a:

Comments on news posted 2003-08-11 19:30:36: It appears that a new worm (for now we're calling it msblast after its executable, msblast.exe) has surfaced today. ..

page: 1 · 2 · 3

redstepchild
Premium
join:2002-01-04
Birmingham, AL

Worm Diaries

»isc.sans.org/diary.html?date=2003-08-11

Everything in the Techy world that is W32.Blaster.Worm related
--
I'm a Cable girl.. In a Cable World.....RedStepChild@dslr.net
permalink · 2003-08-12 02:38:29 · Reply to this

T0rn
Premium
join:2001-05-11
USA

Cured

Well, if you can directly download the RPC patch from Microsoft's website, and you've already cleared your system from msblast.exe (and it's registry entry) it should solve any issues you're facing because of this bug. It's helped me, thanks a certain individual here at BBR.
--
"I will tear your entrails and use them as a necklace!" -Bahl'al the Watcher
permalink · 2003-08-12 03:30:39 · Reply to this

mrwicked

join:2002-03-20
Escondido, CA

135

How do I see if port 135 on my router is being hit??
permalink · 2003-08-12 04:39:54 · Reply to this

StudioTech
S2409W plus SA4250HD

join:2001-10-10
Edison, NJ

Preventing 135 from opening in XP

There is a site that showed step by step details of how to to close port 135 in 2000 and XP. I'm at work so I don't have the site at hand but I'll post it when I get home. While the steps that they showed worked in 2000, they didn't work in XP. Has anyone had any luck actually preventing port 135 from opening at all in XP?
[text was edited by author 2003-08-12 08:26:46]
permalink · 2003-08-12 08:26:08 · Reply to this

deltat2000
Timor Omnis Abesto
Premium
join:2000-04-13
127.0.0.1
clubs:

Got my firewall up!!!!!!!!!!!!!!!!

HTTP/1.1 Server Too Busy

It would seem that Windows Update site is kinda busy.......lmao
--
"Lets Roll" You are missed Todd.The Future Is Purchased By The Present!
permalink · 2003-08-12 09:49:51 · Reply to this

Rejected One
I Suffer From Id10t Errors
Premium
join:2003-07-31
Wilmington, DE
clubs:
·Juno Express

Here u go :)

W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm will attempt to download and run the Msblast.exe file.

Block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed:

TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
--
Hack The Planet :P

The Rejected Few²
permalink · 2003-08-12 10:06:05 · Print · Reply to this
wwildbh

join:2000-10-25
Harrisburg, PA

Re: Here u go :)

Attempt???!!! That needs to be changed to "WILL"
permalink · 2003-08-12 10:39:16 · Reply to this
fleshkopter

join:2001-12-03
Seattle, WA

spendid job Mr. Gates, heh

that's all.
permalink · 2003-08-12 11:57:21 · Reply to this

Jafo232
You Can't Spell Democrat Without Rat.
Premium
join:2002-10-17
Boonville, NY
·RoadRunner Cable

Symantec Tool

Symantec has released a tool to remove the worm:

»securityresponse.symantec.com/av···last.exe

Good luck.
--
nos insuadibilis defessus, nos insuadibilis inclino, nos insuadibilis concido.
permalink · 2003-08-12 12:26:29 · Reply to this
froggy58

join:2002-05-07
Cape Canaveral, FL

Why is this considered New

Seems like many failed to get on the boat... I've been seeing folks complaining about this flaw with the countdown to shutoff XP machines for at least 2 weeks(more frequent complaints over the past few days).

The patch from MS was out sometime around the 17th of July.

This is one case a two pronged firewall setup rules. I've not see one port 135 probe hit my ZA FW yet, but I'm sure my hardware firewall is very busy piece of equipment.

Frog
permalink · 2003-08-12 16:04:14 · Reply to this
spinkorama

join:2003-04-05
usa

Early worm getting the bird?

A week ago today, Tuesday, I did a win update on my 98. After the system rebooted all I could get was text on my websites and markers where graphics should have been. While cursing a blue streak I checked setting after setting and discovered something had turned off some of my advanced internet settings. Growling I turned them back on and cursed win update.

I work in tech support and when this new worm started showing up I kept asking customers if they had added/removed and hardware/software or updated their windows. Everyone said no. They obviously didnt know their computer had done it for them. Automatic updates may not be a good thing.
permalink · 2003-08-12 16:55:58 · Print · Reply to this
WolfJaguar

join:2003-03-20
Portland, OR

ddd

Too many damn losers on the Comcast network have it too, I keep getting pegged on port 135. Argh. at least my NAT is bouncing them. I have all the ips, perhaps I should send the list to Comcast and have them ignore it.
permalink · 2003-08-13 03:56:34 · Reply to this
Forums » Get that firewall up!page: 1 · 2 · 3

Wednesday, 09-Dec 21:40:13 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF