[Wolves] what the hell is DCOM-scm

Ron Wellsted ron at wellsted.org.uk
Tue Aug 23 20:36:43 BST 2005


David Goodwin wrote:
> David Morley wrote:
> 
>> I've set up firestarter as a basic firewall but what the hell are
>> these inbound service connections
>>
>> DCOM-scm from blueyonder <- ??
>> UDP Samba <- File sharing
>> Microsoft-ds from blueyonder (might be something to do with aMsn) <-
>> File sharing
>> MS-SQL-S <- SQL (Probably SQL Slammer or whatever it was called)
>> MS-SQL-M <- SQL (ditto)
>> HTTP from walsall, dudley, wolverhampton blueyonder <- IIS attacks
>> Unknown UDP's from about 20 addresses <- Random scanning or looking
>> for other holes
>>
>> Is there a site where I can look up what's what, that is written for
>> someone who has no idea about firewalls.
> 
> 
> (See comments above)
> 
> /etc/services _may_ help, but probably won't.
> 
> There are quite a few sites that have remote firewall checkers if that's
> of any use (e.g. they run nessus against your box) and email you the
> results.
> 
> thanks
> David
> 

DCOM-scm is the DCOM interface to the Service Control Manager, which
allows for the starting, stopping, etc. of the background services on a
Windows system.  Unfortunately, Microsoft didn't get the security quite
right in this subsystem.

This is an attempt by a compromised Windows box to compromise your Linux
system by scanning the local blueyonder IP address range, hoping it will
find another open Windows system.

HTH

- --
Ron Wellsted
http://www.wellsted.org.uk
ron at wellsted.org.uk
FWD:519961
N 52.567623, W 2.137621
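
Added example (not part of the original message or of the list archive): one way to do the "what's what" lookup asked about in this thread, by grouping dropped inbound packets by destination service and counting distinct sources. Assumptions: the log lines are constructed in the netfilter LOG format with documentation addresses, and the port numbers are the IANA-registered ones for the labels named in the thread; neither appears in the original posts.

```python
import re
from collections import defaultdict

# Labels as written in the thread; (protocol, port) pairs are the
# IANA-registered assignments (an assumption: the posts give no numbers).
SERVICES = {
    ("TCP", 135): "DCOM-scm",
    ("UDP", 137): "Samba",
    ("UDP", 138): "Samba",
    ("TCP", 445): "Microsoft-ds",
    ("TCP", 1433): "MS-SQL-S",
    ("UDP", 1434): "MS-SQL-M",
    ("TCP", 80): "HTTP",
}

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

# Constructed sample input, not real traffic.
SAMPLE_LOG = """\
Aug 23 20:01:11 host kernel: Inbound IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=4021 DPT=135 SYN
Aug 23 20:01:13 host kernel: Inbound IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP SPT=3310 DPT=135 SYN
Aug 23 20:02:40 host kernel: Inbound IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=4022 DPT=445 SYN
Aug 23 20:03:02 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP SPT=1093 DPT=1434
Aug 23 20:03:09 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.8 DST=198.51.100.5 PROTO=UDP SPT=2001 DPT=40000
Aug 23 20:03:15 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 PROTO=ICMP TYPE=8 CODE=0
"""

def summarise(log_text):
    """Return {label: {"hits": int, "sources": set}} keyed by service label."""
    summary = defaultdict(lambda: {"hits": 0, "sources": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # ICMP and truncated lines carry no usable destination port: skip them.
        if not {"SRC", "PROTO", "DPT"} <= f.keys() or not f["DPT"].isdigit():
            continue
        proto, port = f["PROTO"].upper(), int(f["DPT"])
        label = SERVICES.get((proto, port), f"Unknown {proto.lower()}/{port}")
        summary[label]["hits"] += 1
        summary[label]["sources"].add(f["SRC"])
    return dict(summary)

if __name__ == "__main__":
    for label, info in sorted(summarise(SAMPLE_LOG).items()):
        print(f"{label:18} hits={info['hits']} sources={len(info['sources'])}")
```

Many distinct sources hitting the same Windows-only port on a host that does not run that service is the background scanning described in the reply above.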
