My Sygate firewall is getting full

Discussion in 'Computer Support' started by Sonia, Aug 22, 2003.

  1. Sonia

    Sonia Guest

    The Security log is getting full of applications which are all blocked, some
    major, some critical, saying intrusion detection and F30002 DCE/RPC DCOM
    buffer overflow exploit attempt detected. The application is svchost.exe.
    I uploaded the MS patch as I got the msblaster virus and cleaned that with
    Norton a couple of weeks ago.
    Any help on this one, guys?

    Sonia XX
     
    Sonia, Aug 22, 2003
    #1

  2. Sonia

    Boomer Guest

    Sonia said:

    > The Security log is getting full of applications which are all
    > blocked, some major, some critical, saying intrusion detection and
    > F30002 DCE/RPC DCOM buffer overflow exploit attempt detected. The
    > application is svchost.exe. I uploaded the MS patch as I got the
    > msblaster virus and cleaned that with Norton a couple of weeks
    > ago. Any help on this one, guys?
    >
    > Sonia XX


    Hi

    Have you contacted Sygate? I don't use the product so I'm not much
    help here.
    And I'm not sure what the question is!!
    What applications are you talking about?
    Do you have to save all the logs?
    Is your product up to date?

    http://dts-l.org/goodpost.htm

    Support and Services
    http://www.sygate.com/support/support_switch.htm

    Contact:
    http://www.sygate.com/aboutus/contact.htm

    Sygate European Headquarters
    Chesham, Buckinghamshire
    United Kingdom
    +44.1494.582.6000 Phone
    +44.20.7681.3141 Fax
    Email:
    General Inquiries


    Have you searched here?
    Search MS Knowledge Base
    http://support.microsoft.com/default.aspx
    Or use MS Google
    http://www.google.com/microsoft.html

    Not much help but....
     
    Boomer, Aug 22, 2003
    #2

  3. Sonia

    Boomer Guest

    Sonia XX said:

    >
    > "Boomer" <> wrote in message
    > news:3f45bba9$0$226$...
    >> Sonia said:
    >>
    >> > The Security log is getting full of applications which are all
    >> > blocked, some major, some critical, saying intrusion detection and
    >> > F30002 DCE/RPC DCOM buffer overflow exploit attempt
    >> > detected. The application is svchost.exe. I uploaded the MS patch
    >> > as I got the msblaster virus and cleaned that with Norton a
    >> > couple of weeks ago. Any help on this one, guys?
    >> >
    >> > Sonia XX

    >>
    >> Hi
    >>
    >> Have you contacted Sygate? I don't use the product so I'm not
    >> much help here.
    >> And I'm not sure what the question is!!
    >> What applications are you talking about?
    >> Do you have to save all the logs?
    >> Is your product up to date?

    >
    >
    > I was using the firewall Agnitum Outpost and it was happening with
    > this as well. All updated including Norton AV.
    >
    > It's showing up in my log viewer stating time, Active Response or
    > Intrusion Detection, then critical or major, then the remote host
    > 81.128.41.78


    host81-128-41-78.in-addr.btopenworld.com

    > Application name: svchost.exe. There is about 100
    > lists in about 10 mins from different hosts.


    Are you still getting them?
    Sounds like your firewall is working well.

    > Sonia XX


    Here's the latest Sygate Security Alerts
    http://www.sygate.com/alerts/index.htm
     
    Boomer, Aug 22, 2003
    #3
  4. Sonia

    Boomer Guest

    Sonia XX said:

    > BWAHAHAHAHAHAHAH!!!!


    >> You a sheep ??


    lol

    Btw don't feed the troll.

    I snipped the cross post that was added.
    (alt.os.windows-xp)
     
    Boomer, Aug 22, 2003
    #4
  5. Sonia

    Erik Pigshit Guest

    Gregg Radi wrote:
    > Boomer wrote:
    >
    >> Btw don't feed the troll.

    >
    > YUM! Troll food.
    >
    >> I snipped the cross post that was added.
    >> (alt.os.windows-xp)

    >
    > I put it back.


    And we appreciate it. 24hourfuckup is always good for a laugh.

    --
    Erik Pigshit
    "I am one the few who gives an intelligent reply." [sic]
     
    Erik Pigshit, Aug 22, 2003
    #5
  6. Go to logs, select file, then select clear.

    "Sonia" <> wrote in message
    news:bi4bl1$cuh$...
    > The Security log is getting full of applications which are all blocked, some
    > major, some critical, saying intrusion detection and F30002 DCE/RPC DCOM
    > buffer overflow exploit attempt detected. The application is svchost.exe.
    > I uploaded the MS patch as I got the msblaster virus and cleaned that with
    > Norton a couple of weeks ago.
    > Any help on this one, guys?
    >
    > Sonia XX
    >
    >



     
    BananaPannaPoe, Aug 22, 2003
    #6
  7. Sonia

    Sonia XX Guest

    "BananaPannaPoe" <> wrote in message
    news:87q1b.5851$...
    > Go to logs, select file, then select clear.


    Yea I do that and it constantly goes again.
     
    Sonia XX, Aug 22, 2003
    #7
  8. Sonia

    Sonia XX Guest

    "discogail" <> wrote in message
    news:bi59cl$69f$...
    > It's the W32.Welchia.Worm.....checking for active machines to infect by
    > sending an ICMP echo.....I'm being bombarded too.......it's looking for
    > Msblast .......then tries to download the DCOM RPC patch from Microsoft's
    > Windows Update Web site, install it, and then reboot the computer.

    Which one do I install, the one I did for msblast, the 32 something one? You
    got a link?
     
    Sonia XX, Aug 22, 2003
    #8
  9. Sonia

    Boomer Guest

    Sonia XX said:

    >
    > "discogail" <> wrote in message
    > news:bi59cl$69f$...
    >> It's the W32.Welchia.Worm.....checking for active machines to
    >> infect by sending an ICMP echo.....I'm being bombarded
    >> too.......it's looking for Msblast .......then tries to download
    >> the DCOM RPC patch from Microsoft's Windows Update Web site,
    >> install it, and then reboot the computer.

    > Which one do I install, the one I did for msblast, the 32 something
    > one? You got a link?


    Didn't you say, "I uploaded the Ms patch..."


    Thanks to °Mike° for posting this information in an earlier thread.

    Win32.Blaster (aka Lovsan).

    W32.Blaster.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

    W32.Blaster.B.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html

    W32.Blaster.C.Worm
    http://www.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html

    W32.Blaster.Worm Removal Tool
    http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html


    Microsoft Security Bulletin MS03-026
    http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

    What you should know about the Blaster worm
    http://www.microsoft.com/security/incident/blast.asp

    Windows RPC DCOM Buffer Overflow Remote Exploit (MS03-026)
    http://www.k-otik.com/exploits/07.25.winrpcdcom.c.php

    How to Use The KB 823980 Scanning Tool to Identify Host Computers
    That Do Not Have The 823980 Security Patch (MS03-026) Installed
    http://support.microsoft.com/search/preview.aspx?id=kb;en-us;826369
     
    Boomer, Aug 22, 2003
    #9
  10. Sonia

    Boomer Guest

    Sonia XX said:

    >> Didn't you say, "I uploaded the Ms patch..."

    >
    > I presumed it was another type than he was relating to a different
    > patch as for msblaster as I said I got the patch for but when he
    > said it was the W32.Welchia.Worm I thought there was another
    > patch.
    >
    > Sonia XX


    Here ya go.
    http://www.sarc.com/avcenter/venc/data/w32.welchia.worm.html
     
    Boomer, Aug 22, 2003
    #10
  11. Sonia

    Sonia XX Guest

    Sonia XX, Aug 22, 2003
    #11
  12. Sonia

    Boomer Guest

    Boomer, Aug 22, 2003
    #12
  13. Sonia

    discogail Guest

    Getting pinged doesn't mean you have the worm. Sorry..if you thought that's
    what I meant. It's other computers that are infected..that are out
    looking.......& sending out the Echo requests..that your firewall....is
    picking up.
     
    discogail, Aug 22, 2003
    #13
  14. Sonia

    doS Guest

    Then why did you answer?

    "Boomer" <> wrote in message
    news:3f45bba9$0$226$...
    > Sonia said:
    >
    > > The Security log is getting full of applications which are all
    > > blocked, some major, some critical, saying intrusion detection and
    > > F30002 DCE/RPC DCOM buffer overflow exploit attempt detected. The
    > > application is svchost.exe. I uploaded the MS patch as I got the
    > > msblaster virus and cleaned that with Norton a couple of weeks
    > > ago. Any help on this one, guys?
    > >
    > > Sonia XX

    >
    > Hi
    >
    > Have you contacted Sygate? I don't use the product so I'm not much
    > help here.
    > And I'm not sure what the question is!!
    > What applications are you talking about?
    > Do you have to save all the logs?
    > Is your product up to date?
    >
    > http://dts-l.org/goodpost.htm
    >
    > Support and Services
    > http://www.sygate.com/support/support_switch.htm
    >
    > Contact:
    > http://www.sygate.com/aboutus/contact.htm
    >
    > Sygate European Headquarters
    > Chesham, Buckinghamshire
    > United Kingdom
    > +44.1494.582.6000 Phone
    > +44.20.7681.3141 Fax
    > Email:
    > General Inquiries
    >
    >
    > Have you searched here?
    > Search MS Knowledge Base
    > http://support.microsoft.com/default.aspx
    > Or use MS Google
    > http://www.google.com/microsoft.html
    >
    > Not much help but....
    >
    >
     
    doS, Aug 22, 2003
    #14