North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: RPC errors
Mark Segal wrote: There is legitimate use for 135, although normally it is not used in the wild much. From what I can see, the 10% traffic mark is about average and should mostly be infected systems. I've seen some tight-in network scans from one of my networks to the others (within the same /18). Still monitoring loads before I decide to crank in lists between networks to limit cross infection. Tomorrow starts the fun... EU contact.I just put an access list on one of our cores with some spare cpu cycles.. And 10% of the traffic looks like port 135 calls..... Anyone else see this? Did I break anything legitimate? I plan to open up inbound first and let user's get infected, tracking and purifying my network for about a week, perhaps two. Then I'll reopen the network for full traffic if it looks clean enough. Emergency "Good Neighbor" policy. :) -Jack
|