This worm is amazing. I have only had filters in place for about 4.5 hours and I am already approaching 100 million matches for the deny tcp/135 across my network. Of that, only one customer has said that they needed 135 open for legitimate use (probably more, but I have only heard from the one).

Sean P. Crandall
VP Engineering Operations
MegaPath Networks Inc.
Pleasanton, CA
(925) 201-2530
-----Original Message-----
From: McBurnett, Jim [mailto:jmcburnett@msmgmt.com]
Sent: Monday, August 11, 2003 7:45 PM
To: John Palmer; nanog@merit.edu
Subject: RE: RPC errors
over 24 hours.. started block Sunday afternoon...

deny tcp any any eq 445 log (256936 matches)
deny udp any any eq 445 log (1 match)
deny tcp any any eq 135 (6984433 matches)
deny udp any any eq 135 (147654 matches)
deny udp any any eq netbios-ss
deny tcp any any eq 139 log (378289 matches)
-----Original Message-----
From: John Palmer [mailto:nanog@adns.net]
Sent: Monday, August 11, 2003 8:28 PM
To: nanog@merit.edu
Subject: Re: RPC errors
45 seconds:
deny tcp any any eq 135 (5445 matches)
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 139
deny tcp any any eq 445 (207 matches)
----- Original Message -----
From: "Randy Bush" <randy@psg.com>
To: <nanog@merit.edu>
Sent: Monday, August 11, 2003 18:52
Subject: Re: RPC errors
must be fun out there on the net today. one minute of counter accumulation
deny tcp any any eq 135 (5721 matches)
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 139 (17 matches)
deny tcp any any eq 445 (1137 matches)
randy
On Mon, 11 Aug 2003, Sean Crandall wrote:
This worm is amazing. I have only had filters in place for about 4.5 hours and I am already approaching 100 million matches for the deny tcp/135 across my network. Of that, only one customer has said that they needed 135 open for legitimate use (probably more, but I have only heard from the one).
Isn't this a perfect situation for a 135/tcp tarpit?

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]
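The counters posted in this thread cover different accumulation windows, so they are easier to compare as hits per second. The following is an added example, not code from any poster: it parses the `deny ... (N matches)` lines as they appear above and normalises them. The function names are hypothetical, and the window lengths are the posters' own figures taken as exact ("over 24 hours" is used as 24 hours).

```python
import re

# One ACE: protocol, port (number or name), optional "log", optional hit counter.
ACE = re.compile(
    r"deny\s+(tcp|udp)\s+any\s+any\s+eq\s+(\S+)"
    r"(?:\s+log)?(?:\s+\((\d+)\s+match(?:es)?\))?"
)

def parse_counters(text):
    """Return {(proto, port): hits}; an ACE shown without a counter is 0 hits."""
    return {(proto, port): int(hits or 0) for proto, port, hits in ACE.findall(text)}

def rates(text, window_seconds):
    """Hits per second for each ACE over the stated accumulation window."""
    return {ace: hits / window_seconds
            for ace, hits in parse_counters(text).items()}

# Counter lines copied from the thread; window lengths are the posters' own
# figures, taken as exact (an assumption: "over 24 hours" is used as 24 h).
SAMPLES = {
    "McBurnett, 24 h": (24 * 3600, """
        deny tcp any any eq 445 log (256936 matches)
        deny udp any any eq 445 log (1 match)
        deny tcp any any eq 135 (6984433 matches)
        deny udp any any eq 135 (147654 matches)
        deny udp any any eq netbios-ss
        deny tcp any any eq 139 log (378289 matches)
    """),
    "Palmer, 45 s": (45, """
        deny tcp any any eq 135 (5445 matches) deny tcp any any eq 137
        deny tcp any any eq 138 deny tcp any any eq 139
        deny tcp any any eq 445 (207 matches)
    """),
    "Bush, 60 s": (60, """
        deny tcp any any eq 135 (5721 matches) deny tcp any any eq 137
        deny tcp any any eq 138 deny tcp any any eq 139 (17 matches)
        deny tcp any any eq 445 (1137 matches)
    """),
}

def compare(ace):
    """Per-second rate of one ACE across all posted samples."""
    return {who: rates(text, secs).get(ace, 0.0)
            for who, (secs, text) in SAMPLES.items()}

if __name__ == "__main__":
    for ace in (("tcp", "135"), ("tcp", "445")):
        for who, rate in compare(ace).items():
            print(f"{ace[0]}/{ace[1]:<4} {who:<18} {rate:8.1f} hits/s")
```

For tcp/135 the three samples come out at roughly 81, 121 and 95 hits per second respectively.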