i get a new edition added to my security log like every hour or two, what does this mean? i opened it for the first time yesterday and there were probably 100 logs in there.
i get a new edition added to my security log like every hour or two, what does this mean? i opened it for the first time yesterday and there were probably 100 logs in there.
That is an indication that your firewall is doing it's job. I trust sygate pf pro and get alot of these, but you have not specified the kind of attack it is. Please click on the yellow and red shield to display the explanation and tell me what it is.
Click the longhorn icon to visit my website.
<span style='color:blue'><span style='font-size:8pt;line-height:100%'> You try Everything in my/our post(s) at YOUR own risk. I/we do not take responsibily for damages, caused by the post(s). Clicking on/or modifying anything in here is not permitted. Whoever edits my sig is a pussy.</span></span>
::::::::::::::::::::::::::::::::::::::::
[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected
all the ones with red and yellow sheilds are whats listed above
Traffic from IP address 24.222.28.11 is blocked from 02/01/2004 13:19:36 to 02/01/2004 13:29:36.
above is what just yellow sheilds say
since i posted a few mins ago i got more,
Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:
Host: localhost
Port: (port hes connecting to/from)
Term Type: leave it as vt100
Try to write 'GET /default.ida?' (Code Red standard) and hit the Enter key
I think I got that right...hmmmm
If this gets deleted then oh well
edited
its a dos like program right?Originally posted by Java Boy@1 February 2004 - 16:44
Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:
Host: localhost
Port: (port hes connecting to)
Term Type: leave it as vt100
Try to write 'GET /default.ida?' (Code Red standard) and hit the Enter key
I think I got that right...hmmmm
If this gets deleted then oh well
i tried typeing GET /default.ida, nothing happens. is that what i should type?
thanks for the help
Sorry mate...I shouldnt of posted that stuff...it will get you in to trouble i suspect.forget whAT I POSTED AND WAIT FOR SOMEONE WHO USES sYGATE TO COME BACK...THEYLL BE MORE KNOWLEDGEABLE ON THE TOPIC THAN i...
Sorry bout the caps..too lazy to correct it now
Yeps that is what I thought, I got that attack many times.Originally posted by scottwile@2 February 2004 - 01:17
[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected
all the ones with red and yellow sheilds are whats listed above
Traffic from IP address 24.222.28.11 is blocked from 02/01/2004 13:19:36 to 02/01/2004 13:29:36.
above is what just yellow sheilds say
solution:
get SafeXp and disable dcom services for good.
block generic host process for win32 services (svhost.exe)(that will prevent them from even connecting and trying to attack) but it might affect some websites, so if you get any problems, unblock it. Usually i dun get any problems.
note: use the above @ ur own risk
You usually ge these when u scan other ips for proxies for example, but it is not nessesarily that this is the case.
<span style='color:blue'><span style='font-size:8pt;line-height:100%'> You try Everything in my/our post(s) at YOUR own risk. I/we do not take responsibily for damages, caused by the post(s). Clicking on/or modifying anything in here is not permitted. Whoever edits my sig is a pussy.</span></span>
::::::::::::::::::::::::::::::::::::::::
nm didnt read last post
This place http://grc.com/default.htm will take care of all those services you dont need running such as DCOM,Un-Plug& Play,XPdite etc
Posting Permissions
Reply With Quote
Bookmarks