A lot of people were fearing a worm based on the RPC exploit. That could be what you see or
maybe a kiddie on cable who's scanning his subnet.
SANS has the Internet Storm Center, where they publish info they gather. The scan report for port 135 is HERE and you can really see the increase in scans against 135, since the exploit code was released just over a week ago.
omalakai: Good work..... Nice to see that the sources are not increasing though. It implies the success rate is not great.
Could be that someone's compromising or cataloging a LOT of machines out there though.
I've got a bad feeling about this one. My hunch is that when the worm does come, and I'm convinced that it will, it will be a blended attack of a peer-to-peer worm exploiting the RPC flaw, plus a mass-mailer that will be able to drop a worm inside corporate firewalls. So, if you're reliant on the firewall to keep it out, basically you're in deep trouble. I guess the most effective email-based virus at the moment is Sobig, so if you ride piggyback on a variant of that, then you've got a good chance of getting through.
In other words, patch everything that's safe to patch and keep an eye on the situation as it develops. :(