The picture is in italian,but the Norton Firewall users can understand what is it.
Is saying that a remote system is trying to access Microsoft Generic Host Process.What a hell is that'
The picture is in italian,but the Norton Firewall users can understand what is it.
Is saying that a remote system is trying to access Microsoft Generic Host Process.What a hell is that'
Hi-Definition
i get the same message sometimes shared, for me it's something called "SVCHOST.exe"
but bill can explain it better than me
microsoft - "svchost.exe"
Forum Star
BT Rep: +2
It's the clock in the lower right corner of Windows XP.
Right click the clock and choose Adjust Date/Time>Click 'Internet Time' tab.
See the automatic time sync? Well that's what is trying to communicate with the internet. Try it out. Remove the rule from the firewall (if you have allowed it before) then click the [Update Now] button and you will see that same message box appear.
Just allow the automatic configuration from Norton to happen. Let it communicate. It keeps you clock proplerly set.
Forum Star
BT Rep: +2
No problem. My pleasure.
°¤°¤°¤°¤°¤°¤°
jeah...
Xp's nice like dat.
no dos command for NTP
/me uses tick.uh.edu
this post is guaranteed 100% parrot-free
Time server?a remote system is trying to access Microsoft Generic Host Process
NO!
Morons!
]There is vulnerability in the part of RPC that deals with message exchange over TCP/IP. This failure is caused by incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC which listens on TCP/IP port 135, 139 or 445.
This interface handles DCOM object activation requests that are sent by client machines (such as Universal Naming Convention (UNC) paths) to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system.
The DCOM interface with RPC typically runs with system privileges. As a result of the buffer overflow condition a remote attacker could potentially execute code with the same privileges that the DCOM interface is running with.
Sygate Personal Firewall STD and Sygate Personal Firewall PRO are able to stop this vulnerability with default settings of network neighborhood file and print sharing disabled within SPF.
If a user needs to use network neighborhood file sharing the following can be done to prevent the vulnerability using Sygate software products:
Note: No action is needed if you are running Sygate Personal Firewall STD or Sygate Person Firewall PRO with Network Neighborhood file and print sharing disabled within SPF.
For users of Sygate Personal Firewall and Personal Firewall PRO you should use the following steps to restrict access to DCOM by creating an application rule under the “Applications” button, to only allow trusted IP’s to communicate with the Windows “Generic Host Processes” application. (Note: For NT users please use the "Distribute COM Services - RpcSs.exe" application):
1) Select the “Applications” button on the main screen.
2) Highlight the “Generic Host Processes for Win32 service”.
3) Select the “Advanced” button on the Applications Panel.
4) Type IP addresses of the trusted systems which you need to file and print share with in the “Application Restrictions” box for “Trusted IPs for Applications”.
5) Click “OK” to close the “Advanced settings panel”.
6) Click “OK” again on the “Application Panel”
http://www.securityfocus.com/bid/8205/exploit/
i agree in most of your post except where you insult everyone...
i do know about this Generic host process.... its just a service...
its funny tho...
k i got a question..... HOW DID YOU GET TO THE CONCLUSION that it was the time server?
im just wondering...
DWk
from what DL. said, its the blaster worm
Posting Permissions
Reply With Quote
Bookmarks