Thread: RPC Shutdown in WinXP?

  1. #1
    Junior Member
    Join Date
    Aug 2002
    Posts
    1

    RPC Shutdown in WinXP?

    I was in a heated argument with someone on IRC, when a notice popped up on my screen and told me something to the effect of "Someone has requested a shutdown using RPC. Please save all work as computer will reboot in 30 seconds." Sure enough, after the 30 had passed, it rebooted. Is this an attack by this IRC'er? If so, how did he/she do it, and how do I prevent it from happening again?

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Funny you should mention that. We were just discussing that in http://www.antionline.com/showthread...hreadid=245206

    People can use the win2k resource kit toolz to do this on boxes that are nt4, 2k and xp.

    Do you have a firewall installed? If not.. you really should think about installing one. There are plenty that are free... search the forums for more info regarding this. That has also been discussed several times here.

    If you haven't read that link yet... PuRe just replied with a good solution for ya!

    Originally posted here by PuReExcTacy
    You can disable the remote shutdown feature independently. Do the following:

    start
    administration tools
    local security policy
    from here it's either in user privileges or network access
    there is an option for who is allowed to do remote shutdowns. Simply remove everyone and no one will be able to do a remote shutdown, period!



    --PuRe www.pureescape.net
    If you don't have admin tools in your start menu... you can get to it by start --> control panel --> admin tools
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    On the command line a 'shutdown /a' will abort an active shutdown in XP
    Apparently the person that did this to you is not the smartest since he did not set the time limit. (30 is default).
    To prevent things like this happening take phishphreek80's advice and install a firewall on your computer.
    Also disable unnecessary services. This topic has also been covered to a high extent before so do a search in the 'Microsoft security discussions' forum

    Hope that can be of any help
    Buenos Dias
    noODle

  4. #4
    I was wondering this as well, seems Windows can't run without the RPC service enabled. A while back when I had a trojan infection I was shutting down all instances of SVCHOST.EXE. Upon killing that process I was given a dialog box saying I had 1 minute to save my work because the comp. was rebooting. I've been curious since then.

    Phish, thanks for posting that link, it helps.

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    747
    Yes, you cannot, or should not disable the RPC service, however it is safe to disable the RPC locator.

  6. #6
    Junior Member
    Join Date
    Jun 2003
    Posts
    4
    I think the best firewall is Zone Alarm, but that is what I think.

  7. #7
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    /me thinks someone has been to grc.com too much lately.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    So you know, there is an option in the local security policy that asks, "Deny access to this computer from the network"; put everyone in there. That'll keep pranksters from pulling off that kiddie stuff.


    --PuRe www.pureescape.net
    Like this post? Visit PuRe's Information Technology Community. We've also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com
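
Added example, not written by any poster in this thread: a PowerShell check of the two local security policy settings mentioned in posts #2 and #8, read from a `secedit` user-rights export. It assumes `SeRemoteShutdownPrivilege` and `SeDenyNetworkLogonRight` as the internal names of "Force shutdown from a remote system" and "Deny access to this computer from the network"; the helper name `Get-UserRightAssignment` is hypothetical and the sample export is constructed.

```powershell
# $sample is a constructed secedit export, not output captured from a real host.
$sample = @(
    '[Unicode]'
    'Unicode=yes'
    '[Privilege Rights]'
    'SeRemoteShutdownPrivilege = *S-1-1-0,*S-1-5-32-544'
    'SeDenyNetworkLogonRight = *S-1-5-32-546'
    'SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545'
)

# Well-known SIDs that are too broad to hold the remote shutdown right.
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-546' = 'Guests'
}

# Hypothetical helper: parse [Privilege Rights] and return the holders of each requested right.
function Get-UserRightAssignment {
    param([string[]]$Lines, [string[]]$Right)
    $inSection = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') { $inSection = $Matches[1] -eq 'Privilege Rights'; continue }
        if (-not $inSection -or $text -notmatch '^(\w+)\s*=\s*(.*)$') { continue }
        $name, $value = $Matches[1], $Matches[2]
        if ($Right -notcontains $name) { continue }
        $holders = @($value -split ',' | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        [pscustomobject]@{ Right = $name; Holders = $holders }
    }
}

$wanted = 'SeRemoteShutdownPrivilege', 'SeDenyNetworkLogonRight'
$found = @(Get-UserRightAssignment -Lines $sample -Right $wanted)
foreach ($entry in $found) {
    "{0}: {1}" -f $entry.Right, ($entry.Holders -join ', ')
}

# A right with no line or an empty value has no holders.
$remote = $found | Where-Object { $_.Right -eq 'SeRemoteShutdownPrivilege' }
foreach ($sid in @($remote.Holders)) {
    if ($sid -and $broad.ContainsKey($sid)) { "WARNING: $($broad[$sid]) ($sid) can force a remote shutdown" }
}

# Live host (elevated prompt): secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
# then pass (Get-Content "$env:TEMP\rights.inf") as -Lines instead of $sample.
```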
