[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] W32/Lovsan.worm Attacking Port 135
- Subject: RE: [cobalt-security] W32/Lovsan.worm Attacking Port 135
- From: "James Nesbitt \(IHQ Network\)" <ihq-network@xxxxxxx>
- Date: Wed, 13 Aug 2003 09:04:07 +0800
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I have a WatchGuard SOHO protecting my Qube, I just decided to tell the
WatchGuard to blatantly go and deny anything that tries to go in or out on
that port - so I wish the worm the best of luck in trying to infect me. And
if my network does get infected, it'll at least be contained.
Regards,
James Nesbitt
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Graeme Fowler
Sent: Wednesday, August 13, 2003 01:45
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] W32/Lovsan.worm Attacking Port 135
On 12 August 2003 18:22, Rex Gaylord wrote:
> Is anybody else getting attacks on Port 135 that is related to this
> new virus and do you know if we are vulnerable. It looks like it only
> infects windows machines to me so far?
1. Yes
2. No [see below]
3. Indeed, it is another worm exploiting another vulnerability in the
underlying Windows subsystems (this time it's the RPC subsystem, crucial
to normal operation).
[note]
If you're running a publically-accessible Samba server (on a Qube, for
example), it _might_ cause a local service DoS if it manages to make the
daemon crash. It won't, however, exploit it since the hole is in
Windows, not Samba, code.
Graeme
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security