[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Re: Secure.dcom.exe

To: <incidents@securityfocus.com>, <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] Re: Secure.dcom.exe
From: "Wcc" <wcc@techmonkeys.org>
Date: Fri, 8 Aug 2003 15:50:08 -0400

> opticfiber wrote:
> 
> > On a chance I connected to the irc server 
> mentioned.(irc.homelien.no). 
> > Did a channel search for "rpc" and found a channel called 
> "#rpcfucked" 
> > with a contant stream of clients connecting and 
> disconnecting. Below 
> > is a transcript of the channel for about five minutes or so.

They all appear to be on either eatel.net or arcor-ip.net's networks. This
would lead me to believe that this worm infects via it's own network and not
by finding random ip's.

Will Buckner (Wcc)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [normal] RE: [Full-Disclosure] Re: Secure.dcom.exe
  - From: opticfiber <opticfiber@topsight.net>

References:
- [Full-Disclosure] Re: Secure.dcom.exe
  - From: opticfiber <opticfiber@topsight.net>

Prev by Date: RE: [Full-Disclosure] Vulnerability Disclosure Debate
Next by Date: RE: [Full-Disclosure] Vulnerability Disclosure Debate
Prev by thread: [Full-Disclosure] Re: Secure.dcom.exe
Next by thread: Re: [normal] RE: [Full-Disclosure] Re: Secure.dcom.exe
Index(es):
- Date
- Thread