Preface: MS rpc dump - Internet Security Systems

MS rpc dump

advICE : Intrusions : 2002801
Summary

An intruder has scanned your system for RPC/DCOM services. The intruder may be looking for holes in your system in order to gain entry.

Details

An attempt was made to download a list of all RPC/DCOM services. This is a special command that can be sent to the "RPC End-Point Mapper" listening on port 135.

This attack doesn't break into the system itself. This is part of the reconnaissance stage of an attack, where the hacker scopes out his/her victim looking for ways in. The 'epdump' command will ask a Windows machine to list all running services. The hacker has a list of services that can be exploited. If the hacker finds any of these services on the system, the hacker will probably try to exploit them.

For example, there are ways that a spammer can force e-mail through Microsoft Exchange Servers. By doing an 'epdump', a spammer can find out if a machine runs this server. If so, the spammer can then force the system to forward spam to people.
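How a sensor can recognize this request on the wire, as an added example that is not part of the original advisory: it records which presentation contexts a DCE/RPC bind ties to the endpoint mapper interface, then flags requests for that interface's `ept_lookup` operation. The interface UUID and opnum come from the DCE/RPC endpoint mapper definition rather than from this page; the function names and sample PDUs are constructed, and the code assumes unfragmented connection-oriented PDUs from one TCP connection to port 135, one per list entry.

```python
import struct
import uuid

# Values from the DCE/RPC endpoint mapper definition (not from the advisory).
EPM_UUID = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")  # epmapper interface
EPT_LOOKUP = 2          # opnum of ept_lookup, which enumerates registered endpoints
REQUEST, BIND = 0, 11   # connection-oriented PDU types


def find_ept_lookups(pdus):
    """Return indexes of PDUs on one TCP connection that call ept_lookup."""
    epm_contexts, hits = set(), []
    for i, pdu in enumerate(pdus):
        try:
            if len(pdu) < 16 or pdu[0] != 5:      # not a DCE/RPC version 5 PDU
                continue
            le = bool(pdu[4] & 0x10)              # data representation: little-endian?
            e = "<" if le else ">"
            if pdu[2] == BIND:
                off = 28                          # common header (16) + bind fields (12)
                for _ in range(pdu[24]):          # number of presentation contexts
                    ctx_id, n_transfer = struct.unpack_from(e + "HB", pdu, off)
                    raw = pdu[off + 4:off + 20]   # abstract syntax (interface) UUID
                    if len(raw) < 16:
                        break
                    iface = uuid.UUID(bytes_le=raw) if le else uuid.UUID(bytes=raw)
                    if iface == EPM_UUID:
                        epm_contexts.add(ctx_id)
                    off += 24 + 20 * n_transfer   # skip version and transfer syntaxes
            elif pdu[2] == REQUEST:
                ctx_id, opnum = struct.unpack_from(e + "HH", pdu, 20)
                if ctx_id in epm_contexts and opnum == EPT_LOOKUP:
                    hits.append(i)
        except (struct.error, IndexError):        # truncated PDU: skip it
            continue
    return hits


# Constructed sample PDUs (little-endian), for exercising the detector offline.
def _pdu(ptype, body):
    return struct.pack("<BBBB4sHHI", 5, 0, ptype, 3, b"\x10\0\0\0", 16 + len(body), 0, 1) + body

def sample_bind(iface, ctx_id=0):
    ndr = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860").bytes_le  # NDR transfer syntax
    ctx = struct.pack("<HBB", ctx_id, 1, 0) + iface.bytes_le + struct.pack("<I", 3) + ndr + struct.pack("<I", 2)
    return _pdu(BIND, struct.pack("<HHIB3x", 4280, 4280, 0, 1) + ctx)

def sample_request(opnum, ctx_id=0):
    return _pdu(REQUEST, struct.pack("<IHH", 0, ctx_id, opnum))
```

Ordinary clients resolve a single interface with `ept_map` (opnum 3), so an `ept_lookup` from an unexpected source is the event worth alerting on.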

Defense

Filter port 135 at the firewall, for both UDP and TCP.

More information
Intrusion: rpc.portmap dump  
The same type of attack against UNIX systems.  
Restricting Information Available to Anonymous Logon Users  
How to restrict access to this information on Windows NT  
advICE: Reconnaissance  
More info about hacker scans against the system.  
 
Version appeared:  
