Does CFP3 block RPC traffic?

Thursday, October 23rd, 2008

"MS08-067 - Remote RPC based code execution

Microsoft has announced an out of cycle patch for this vulnerability. They report that it affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

The vulnerability is quite serious and can be exploited by network worms. Currently there is one known worm that tries to exploit this vulnerability. We (and hopefully most other AV vendors) call it W32/Gimmiv.A. We have released definition files that detect it.

We strongly suggest that all Windows based computers be behind a firewall and that all RPC traffic be blocked. We also strongly suggest applying this patch when it is available.

Initial reports suggest that W32/Gimmiv.A can be a password stealer."

Thursday, October 23rd, 2008

http://blogs.authentium.com/virusblog/?p=284

I’m not sure but if your behind a router you should be ok. i would also like to know if it blocks these things but am not much worried about it as my router should block it.

Most ISP have firewalls themselves filtering any RPC and NetBIOS traffic coming from the external networks.
But if you have a firewall installed a properly configured, these ports should not be reachable from the external network. (Windows firewall is more lax on those ports though)

I gotcha.

On a side note, im_not_1337?