Re: Linksys wireless router and RPC problem

Subject: Re: Linksys wireless router and RPC problem
From: W.D. McKinney (deem@wdm.com)
Date: Mon Aug 11 2003 - 18:43:45 AKDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Neil Moomey: "Mulit-Card Reader"
• Previous message: Barsalou: "Linksys wireless router and RPC problem"
• In reply to: Barsalou: "Linksys wireless router and RPC problem"
• Reply: W.D. McKinney: "Re: Linksys wireless router and RPC problem"
• Reply: W.D. McKinney: "Re: Linksys wireless router and RPC problem"

Is it not able to turn off ports ?

According to http://isc.sans.org/diary.html?date=2003-08-11 ,
the worm uses the latest popular MS exploit ports, so
" * Close port 135/tcp (and if possible 135-139, 445 and 593) ".

It also uses TCP port 4444 and TFTP = UDP 69 to download its
attack code after getting the initial bootstrap infection.
So you probably want to be blocking TCP 4444 and (if appropriate,
which it usually is, TFTP), and tracing any 4444 activity and TFTPs
to detect attacks.

On Mon, 2003-08-11 at 18:05, Barsalou wrote:
> Anyone have any problems with their linksys wireless router since the
> new Windows RPC problem reared it's ugly head?
>
> Mike

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

• Next message: Neil Moomey: "Mulit-Card Reader"
• Previous message: Barsalou: "Linksys wireless router and RPC problem"
• In reply to: Barsalou: "Linksys wireless router and RPC problem"
• Reply: W.D. McKinney: "Re: Linksys wireless router and RPC problem"
• Reply: W.D. McKinney: "Re: Linksys wireless router and RPC problem"

This archive was generated by hypermail 2a23 : Mon Aug 11 2003 - 18:43:37 AKDT