RPC errors
Sean Crandall
sean at megapath.net
Tue Aug 12 04:39:06 UTC 2003
This worm is amazing. I have only had filters in place for about 4.5 hours
and I am already approaching 100 million matches for the deny tcp/135 across
my network. Of that, only one customer has said that they needed 135 open
for legimate use (probably more, but I have only heard from the one).
Sean P. Crandall
VP Engineering Operations
MegaPath Networks Inc.
Pleasanton, CA
(925) 201-2530
> -----Original Message-----
> From: McBurnett, Jim [mailto:jmcburnett at msmgmt.com]
> Sent: Monday, August 11, 2003 7:45 PM
> To: John Palmer; nanog at merit.edu
> Subject: RE: RPC errors
>
>
>
> over 24 hours.. started block suday afternoon...
> deny tcp any any eq 445 log (256936 matches)
> deny udp any any eq 445 log (1 match)
> deny tcp any any eq 135 (6984433 matches)
> deny udp any any eq 135 (147654 matches)
> deny udp any any eq netbios-ss
> deny tcp any any eq 139 log (378289 matches)
>
> -----Original Message-----
> From: John Palmer [mailto:nanog at adns.net]
> Sent: Monday, August 11, 2003 8:28 PM
> To: nanog at merit.edu
> Subject: Re: RPC errors
>
>
>
>
> 45 seconds:
>
> deny tcp any any eq 135 (5445 matches)
> deny tcp any any eq 137
> deny tcp any any eq 138
> deny tcp any any eq 139
> deny tcp any any eq 445 (207 matches)
>
> ----- Original Message -----
> From: "Randy Bush" <randy at psg.com>
> To: <nanog at merit.edu>
> Sent: Monday, August 11, 2003 18:52
> Subject: Re: RPC errors
>
>
> >
> > must be fun out there on the net today. one minute of counter
> > accumulation
> >
> > deny tcp any any eq 135 (5721 matches)
> > deny tcp any any eq 137
> > deny tcp any any eq 138
> > deny tcp any any eq 139 (17 matches)
> > deny tcp any any eq 445 (1137 matches)
> >
> > randy
> >
> >
> >
>
More information about the NANOG
mailing list