Infected PC!!! Or person scanning for that buffer overflow.
Have A Great Day!
Tony J. Miedaner
P: 315-671-6553
"Witkowski,Tytus,WARSAW,GLOBE IT-CC" <Tytus.Witkowski@xxxxxxxxxxxxx> Sent by: issforum-admin@xxxxxxx
10/09/2003 04:14 AM
To: issforum@xxxxxxx
cc:
Subject: [ISSForum] MSRPC - events
Hi All
On our one network sensor (7.0) inside windows network I receive a lot of
events with description MSRPC_RemoteActivate_Bo. Is it connected to
MSOutlook client which start communication with Exchange server (port 135)
or is it some kind of MSRPC vulnerability (unpatched PC, infected PC)???
br
Tytus Witkowski
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo