
massive RPC worm working its way

Yeah, this thing has been annoying the heck out of me the last few days.

I have a set of PCs I'm working on that can't be set up behind the firewall because of IP address conflicts and such, but I finally had to give up and put them behind their own firewall.

It is hitting our IPs here so hard that in the time I could assign an IP address to it and go download the file, I'd get hit with the one that crashes RPC and gives you 60 seconds before it shuts down.

What a PITA.

I also threw up a couple of test boxes to play around with the effects of the different variants (I blocked outgoing traffic on anything but a few ports so as not to add to the chaos). It seems that there are a few floating around that don't actually do anything to the machine (I tried searching for all of the files that the different variants use) but simply just crashes it.

It's amazing to me how many times this has hit our external boxes and how fast it hits a box as soon as it hits the net, and yet there seems to be a much smaller than normal amount of press for it.
 
I'm on via dialup. Cox cable is down in my neighborhood because the wire is so congested.

I called the help desk, because I've logged the addresses that are blabbing on my segment. They took the information, but didn't seem all that interested in it. I figured they could kill the ports on the local switch.

So I shut down the cable modem and dialed up.

Sucks, but what can ya do ....

FWIW

Scott
 
We blocked port 135, 139 and 449 (I think that's what it is) a week ago when all those RPC vulnerabilities came out. We knew for certain that our customers wouldn't patch, and we don't want to deal with the congestion that they will output.

The more I think about it, the more I think that the Internet is a time bomb waiting to happen. There are way too many insecure machines out there.
 
This is a really interesting topic. I'm curious if my mom got it last night - she called me and said she was getting a window that would pop up and say "RPC is shutting down your computer" and it would go through a countdown. I remember actually getting this last week, but can't remember if it was Autorooter or LoveSan (a form of Autorooter, apparently).

So I shut down the cable modem and dialed up.
Does this really help any? My mom was on dialup!
Originally posted by: Mucman
We blocked port 135, 139 and 449 (I think that's what it is) a week ago when all those RPC vulnerabilities came out.
Actually it's port 445.
So WHAT ports are being attacked exactly? I think it's actually all of the above?

ALSO - can Windows XP's internal firewall block ports, or is that just not possible? I know installing third-party software is better of course, but I'm just curious if MS's firewall is even capable of blocking this port.
 
Kaspersky is reporting ports 69, 135 and 4444 for LoveSan, and viruslist.com reports port 445 for AutoRooter.

Also - according to TechNet explaining the security patch:
If you are using the Internet Connection Firewall in Windows XP or Windows Server 2003 to protect your Internet connection, it will by default block inbound RPC traffic from the Internet.
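The kind of logging Scott mentions earlier in the thread (noting which addresses are hammering the ports listed above, so they can be handed to the help desk) can be done over a firewall log; this is an added example, not code from anyone in the thread. The sample lines are constructed and laid out like the Windows XP Internet Connection Firewall log (pfirewall.log), which is an assumption about that format.

```python
from collections import Counter

# Ports the thread names for this worm family: 135 (the exploited RPC/DCOM service),
# 445 (SMB over TCP), 4444 (LoveSan's shell listener) and 69 (TFTP, used to pull the payload).
WORM_PORTS = {69, 135, 445, 4444}

# Constructed sample, laid out like the Windows XP ICF log (pfirewall.log); the
# #Fields header is parsed, so the column order comes from the file itself.
SAMPLE_LOG = """\
#Software: Microsoft Internet Connection Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-08-12 09:14:01 DROP TCP 192.0.2.17 203.0.113.5 3201 135 48 S 1234567 0 65535 - - -
2003-08-12 09:14:03 DROP TCP 192.0.2.17 203.0.113.5 3202 135 48 S 1234568 0 65535 - - -
2003-08-12 09:14:05 DROP TCP 198.51.100.9 203.0.113.5 1036 445 48 S 22 0 8192 - - -
2003-08-12 09:14:06 OPEN TCP 203.0.113.5 198.51.100.40 1040 80 - - - - - - - -
2003-08-12 09:14:09 DROP UDP 192.0.2.17 203.0.113.5 1040 69 32 - - - - - - -
2003-08-12 09:14:11 DROP TCP 192.0.2.88 203.0.113.5 2500 4444 48 S 99 0 65535 - - -
"""


def parse_icf_log(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def tally_worm_hits(text):
    """Count dropped inbound packets aimed at the worm ports, per source IP and per port."""
    by_source, by_port = Counter(), Counter()
    for rec in parse_icf_log(text):
        # OPEN lines are this host's own outbound connections; only inbound DROPs matter here.
        if rec["action"] != "DROP":
            continue
        dport = int(rec["dst-port"])
        if dport in WORM_PORTS:
            by_source[rec["src-ip"]] += 1
            by_port[dport] += 1
    return by_source, by_port


def noisiest_sources(text, limit=3):
    """Source addresses worth reporting to the help desk, loudest first: [(ip, hits), ...]."""
    by_source, _ = tally_worm_hits(text)
    return by_source.most_common(limit)
```

A host that shows up on several of these ports at once (135 plus 69 or 4444) is the pattern worth reporting first, since it matches the scan-exploit-fetch sequence rather than stray scanning.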
 
I got hit with this last night; RPC service terminating and you have 60 seconds to save work before your PC will shutdown. Sucks!

Well, viruses are not my area of expertise, but why don't you all just apply the security patch provided by Microsoft??? After I could finally get the patch downloaded and installed without shutting down, the problems have stopped.
 
Originally posted by: jbritt1234
I got hit with this last night; RPC service terminating and you have 60 seconds to save work before your PC will shutdown. Sucks!

Well, viruses are not my area of expertise, but why don't you all just apply the security patch provided by Microsoft??? After I could finally get the patch downloaded and installed without shutting down, the problems have stopped.

30,000 pcs is kinda hard to just say "patch me"
🙂

Those times when the patches broke mission critical applications is why large networks don't just roll out a patch without a sh!tload of testing.
 
Originally posted by: spidey07
30,000 pcs is kinda hard to just say "patch me"
🙂
Those times when the patches broke mission critical applications is why large networks don't just roll out a patch without a sh!tload of testing.
Ugh, even 100 machines is tedious for 5 people; I can only imagine how much of a trial 30,000 would be.

 
well if you have domain policies, you can push out updates or service packs automagically 🙂

however managing 30,000 pcs and ensuring that users know what to do to prevent internal worm spread is another story.

eRr
 