Fab! >> As of today, cybernet started blocking port 135/tcp on the whole >> network.
>> So I wonder, is there a new worm or virus that those ports get blocked? >> How do other ISP handle such situations? > This Port is used for MS-RPC, and was missused from > W32.Blaster/Lovsan and is still being missused from > W32.Welchia/Nachi worm. I have hits of this worm almost every > minute on my ADSL router at home, where I block this port. We also have blocked Port 135 on our customers firewalls, but of course we had them being informed. So far, no complaints have been made, but obviously none of our customers use MS-RPC. > In the log I see, how the worm is checking all of my public IPs > through. Same here: > 00608 3762532 181482278 deny log logamount 256 tcp from any to any 135 in recv de0 > 00608 42900 24274665 deny log logamount 256 udp from any to any 135 in recv de0 CU, Martin ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
