Hosting Provided By

Re: [Snort-sigs] NETBIOS DCERPC ISystemActivator bind attempt

From: Ian Boje <kc0itq(at)perrinetech.com>
Date: Thu Sep 25 2003 - 16:11:36 EDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You might try looknig for the Welcia worm also (assuming you only checked for the MSBlaster worm using the tool provided on the website).

You can look for the a process running called "DLLHOST.EXE" or "MSBLAST.EXE" in your task manager. If they exist, there might be a chance you have it.

On Thu, 25 Sep 2003, d'Ambly, Jeff wrote:

> Has anyone found a false positive for the NETBIOS DCERPC ISystemActivator

-- Ian Boje KC0ITQ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Made with pgp4pine 1.76

iD8DBQE/c0v7eYi9Pai6l90RAmEqAJ4ytsWla+f1W2teHtC2+8bdqqmPNQCfTrf3 EP37uNls8TJaLigwCwJBH/8=
=x5gK
-----END PGP SIGNATURE-----

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Thu Sep 25 17:17:16 2003

This message: [ Message body ]
Next message: SoloNet Newsfeed: "[Snort-sigs] sig for recent massive ICMP scans"
In reply to: d'Ambly, Jeff: "[Snort-sigs] NETBIOS DCERPC ISystemActivator bind attempt"
In reply to Sir Fenix: "Re: [Snort-sigs] NETBIOS DCERPC ISystemActivator bind attempt"
Reply: Robert Reid: "RE: [Snort-sigs] NETBIOS DCERPC ISystemActivator bind attempt"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:35 EDT