June 23rd, 2003, 02:16 AM
RPC Shutdown in WinXP?
I was in a heated argument with someone on IRC, when a notice popped up on my screen and told me something to the effect of "SOmeone has requested a shutdown using RPC .. Please save all work as computer will reboot in 30 seconds.. " SUre enough, after the 30 had passed, it rebooted.. Is this an attack by this IRC'er? If so, how did he/she do it, and how do I prevent it from happening again?
June 23rd, 2003, 02:22 AM
Funny you should mention that. We were just discussing that in http://www.antionline.com/showthread...hreadid=245206
People can use the win2k resource kit toolz to do this on boxes that are nt4, 2k and xp.
Do you have a firewall installed? If not.. you really should think about installing one. There are plenty that are free... search the forums for more info regarding this. That has also been discussed several times here.
If you haven't read that link yet... PuRe just replied with a good solution for ya!
If you don't have admin tools in your start menu... you can get to it by start --> control panel --> admin tools
Originally posted here by PuReExcTacy
You can disable the remote shutdown feature, independantly, do the following:
local security policy
from here it's either in user priviledges or network access
there is an option for who is allow to do remote shutdowns. Simply remove everyone and no one will be able to do a remote shutdown, period!
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
June 23rd, 2003, 02:29 AM
On the command line a 'shutdown /a' will abort an active shutdown in XP
Appearently the person that did this to you is not the smartest since he did not set the time limit. (30 is default).
To prevent things like this happening take phishphreek80 's advice and install a firewall on your computer.
Also disable unneccesary services. This topic has also been covered to an high extent before so do a search in the 'Microsoft security discussions' forum
Hope that can be of any help
June 23rd, 2003, 02:35 AM
I was wondering this as well, seems windows cant run without the RPC service enabled. A while back when I had a trojan infection I was shutting down all instances of SVCHOST.EXE. Upon killing that process I was given a dialog box saying I had 1 minute to save my work because the comp. was rebooting. I've been curious since then.
Phish, thanks for posting that link, it helps.
June 23rd, 2003, 02:41 AM
Yes, you cannot, or should not disable the RPC service, however it is safe to disable the RPC locator.
June 23rd, 2003, 05:07 AM
I think the best firewall is zone alarm. but that is what i think
June 23rd, 2003, 06:39 AM
/me thinks someone has been to grc.com to much lately.
\"Ignorance is bliss....
but only for your enemy\"
June 23rd, 2003, 08:17 AM
So you know, there is an option in the local security policy that askes, "Deny access to this computer from the network" put everyone in there. That'll keep pranksters from pulling off that kiddie stuff.