RPC errors

• Previous message (by thread): RPC errors
• Next message (by thread): RPC errors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mark Segal wrote:
> I just put an access list on one of our cores with some spare cpu cycles..
> And 10% of the traffic looks like port 135 calls.....  Anyone else see this?
> Did I break anything legitimate?
> 
There is legitimate use for 135, although normally it is not used in the 
wild much. From what I can see, the 10% traffic mark is about average 
and should mostly be infected systems. I've seen some tight-in network 
scans from one of my networks to the others (within the same /18). Still 
monitoring loads before I decide to crank in lists between networks to 
limit cross infection. Tomorrow starts the fun... EU contact.

I plan to open up inbound first and let user's get infected, tracking 
and purifying my network for about a week, perhaps two. Then I'll reopen 
the network for full traffic if it looks clean enough. Emergency "Good 
Neighbor" policy. :)


-Jack

• Previous message (by thread): RPC errors
• Next message (by thread): RPC errors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]