Your Ad Here Your Ad Here
Page 1 of 4 1234 LastLast
Results 1 to 10 of 31

Thread: Wtf?

  1. #1
    The picture is in italian,but the Norton Firewall users can understand what is it.



    Is saying that a remote system is trying to access Microsoft Generic Host Process.What a hell is that'

  2. Software & Hardware   -   #2
    asmithz's Avatar Hi-Definition
    Join Date
    Jun 2003
    Posts
    11,082
    It accsessing the internet, i wouldn't worry. Its just over reacting.

  3. Software & Hardware   -   #3
    Forum Star
    Join Date
    May 2003
    Location
    Bonnie Scotland
    Posts
    1,791
    i get the same message sometimes shared, for me it's something called "SVCHOST.exe"

    but bill can explain it better than me

    microsoft - "svchost.exe"

  4. Software & Hardware   -   #4
    Virtualbody1234's Avatar Forum Star BT Rep: +2
    Join Date
    Oct 2003
    Location
    Canada
    Posts
    11,497
    It's the clock in the lower right corner of Windows XP.

    Right click the clock and choose Adjust Date/Time>Click 'Internet Time' tab.

    See the automatic time sync? Well that's what is trying to communicate with the internet. Try it out. Remove the rule from the firewall (if you have allowed it before) then click the [Update Now] button and you will see that same message box appear.



    Just allow the automatic configuration from Norton to happen. Let it communicate. It keeps you clock proplerly set.

  5. Software & Hardware   -   #5
    asmithz's Avatar Hi-Definition
    Join Date
    Jun 2003
    Posts
    11,082
    Hey i didnt know that VB1234 thank for the info.

  6. Software & Hardware   -   #6
    Virtualbody1234's Avatar Forum Star BT Rep: +2
    Join Date
    Oct 2003
    Location
    Canada
    Posts
    11,497
    No problem. My pleasure.

  7. Software & Hardware   -   #7
    sparsely's Avatar °¤°¤°¤°¤°¤°¤°
    Join Date
    Dec 2002
    Location
    static hum
    Posts
    3,538
    jeah...
    Xp's nice like dat.
    no dos command for NTP
    /me uses tick.uh.edu

    this post is guaranteed 100% parrot-free

  8. Software & Hardware   -   #8
    Poster
    Join Date
    Oct 2003
    Posts
    169
    a remote system is trying to access Microsoft Generic Host Process
    Time server?

    NO!

    Morons!




    There is vulnerability in the part of RPC that deals with message exchange over TCP/IP. This failure is caused by incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC which listens on TCP/IP port 135, 139 or 445.

    This interface handles DCOM object activation requests that are sent by client machines (such as Universal Naming Convention (UNC) paths) to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system.

    The DCOM interface with RPC typically runs with system privileges. As a result of the buffer overflow condition a remote attacker could potentially execute code with the same privileges that the DCOM interface is running with.
    Sygate Personal Firewall STD and Sygate Personal Firewall PRO are able to stop this vulnerability with default settings of network neighborhood file and print sharing disabled within SPF.

    If a user needs to use network neighborhood file sharing the following can be done to prevent the vulnerability using Sygate software products:

    Note: No action is needed if you are running Sygate Personal Firewall STD or Sygate Person Firewall PRO with Network Neighborhood file and print sharing disabled within SPF.

    For users of Sygate Personal Firewall and Personal Firewall PRO you should use the following steps to restrict access to DCOM by creating an application rule under the “Applications” button, to only allow trusted IP’s to communicate with the Windows “Generic Host Processes” application. (Note: For NT users please use the "Distribute COM Services - RpcSs.exe" application):

    1) Select the “Applications” button on the main screen.
    2) Highlight the “Generic Host Processes for Win32 service”.
    3) Select the “Advanced” button on the Applications Panel.
    4) Type IP addresses of the trusted systems which you need to file and print share with in the “Application Restrictions” box for “Trusted IPs for Applications”.
    5) Click “OK” to close the “Advanced settings panel”.
    6) Click “OK” again on the “Application Panel”


    ]

    http://www.securityfocus.com/bid/8205/exploit/

  9. Software & Hardware   -   #9
    BANNED
    Join Date
    Jul 2003
    Location
    Guatemala
    Posts
    4,097
    i agree in most of your post except where you insult everyone...

    i do know about this Generic host process.... its just a service...

    its funny tho...

    k i got a question..... HOW DID YOU GET TO THE CONCLUSION that it was the time server?

    im just wondering...

    DWk

  10. Software & Hardware   -   #10
    Poster
    Join Date
    Sep 2003
    Location
    Florida
    Posts
    594
    from what DL. said, its the blaster worm

Page 1 of 4 1234 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •