Is this an attack? how to fix?

Discussion in 'Windows Desktop Systems' started by leedogg, Aug 11, 2003.

  1. leedogg

    leedogg Gojyone kawaiiiiiiii!

    Messages:
    820
    I have cable and I think something is screwy with my net connection, my ping sometimes goes all to hell. I'm using the latest version of kpf and under the security logs I get the following "attack" logged every second. Description: "RPC rpc.xfsmd xfs_export attempt UDP" The remote address is different for each attack and the Reference URL is http://www.securityfocus.com/bid/5075

    /edit oh forgot the attack class is: rpc-portmap-decode

    Go to that reference url provided some information about the "attack" but I'm still confused as to what exactly it is and how to fix it..or even if its a real attack...

    Is there something I can do to fix this or is this just random noise? it looks like this exploit is for unix boxes?
     
  2. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    *goes to find Enyo
     
  3. leedogg

    leedogg Gojyone kawaiiiiiiii!

    Messages:
    820
    Hmm I think I know the culprit...I'm suspecting I installed a malware/trojan of some sort that was initiating this behavior...its called iOO Trace IT and has me very suspicious..
     
  4. leedogg

    leedogg Gojyone kawaiiiiiiii!

    Messages:
    820
    hmmm maybe it wasnt that application after all...these attacks only seemed to crop up after I installed the rc1 of kpf....reverting to b7 gets rid of them...
     
  5. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    maybe a bug maybe b7 doesnt catch them

    *still lookin for Enyo
     
  6. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    knew he would get here sometime :p
     
  7. MdSalih

    MdSalih The Boss

    Messages:
    1,730
    Location:
    Birmingham, UK