
Conference powdml::pc_security

Title: PERSONAL COMPUTER SECURITY
Notice: SWEEP servers Note 5; more info on www-is-security.mso.dec.com
Moderator: BSS::BOREN
Created: Wed Jan 02 1991
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 504
Total number of notes: 2905

478.0. "NT's RpcSs.exe getting all CPU" by NETCAD::ATKINSON (Dave Atkinson) Wed Feb 05 1997 14:07

        I saw this on a newsletter last week.  This morning, our NT DOMAIN
        server was running a RpcSs.exe getting 96% of system.  We could not
        locate why RpcSs.exe had received the 17+ hours of CPU time but a
        reboot set the process back to normal.  The system appears fine.

        Dave
 
Subj:   TBTF for 1/29/97: An invisible hand
                To read this issue of TBTF on the Web see
               <http://www.tbtf.com/archive/01-29-97.html>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

||| A new NT 4.0 security hole, and a workaround |||

Skinny DuBaud's rumor column [1] in news.com alerted me to a Windows NT
4.0 security problem that allows anyone to consume all the CPU time on
an NT Server or Workstation box from across the Internet. A description
[2] of the problem was posted anonymously to 32bit.com's Pipeline site
on 1/21:

> From your "Start" button, choose "Run..." and then type:
>
>   telnet some.nt.host.somewhere 135
>
> Once telnet connects, type 10-20 characters, any characters...
> Then disconnect or exit telnet... CPU usage on the NT 4.0
> machine... will hit 100% and remain there until rebooted. The
> 'rpcss.exe' process will eat the CPU out of house and home.

Two days later another user, Hector Isias, posted this workaround [3]:

> You can enable IP security (Control Panel / Network / protocols /
> tcp ip / properties / advanced) and filter TCP ports. You should
> permit only the necessary ports: 20, 21, 25, 53, 70, 80, 110,
> 111, 119, 137, 138, 139 and any other required for your specific
> needs. The list above allows you to use NETBIOS over TCP/IP, HTTP,
> Gopher, TCP, etc. It should work even for a proxy server.

[1]  <http://www.news.com/Rumors/0%2C29%2C%2C00.html?nd>
[2]  <http://www.32bit.com/pipeline/pipenews.phtml?news=jan97/01219701>
[3]  <http://www.32bit.com/pipeline/pipenews.phtml?news=jan97/01239701>
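
An added example, not part of the note or the quoted newsletter: a Python audit that compares a host's TCP listeners against the allow list quoted in the workaround and reports which listeners the filter would stop exposing, port 135 among them. The `netstat -an` sample, the addresses and the function names are constructed for illustration.

```python
import re

# Allow list quoted in the workaround above.
ALLOWED_TCP = {20, 21, 25, 53, 70, 80, 110, 111, 119, 137, 138, 139}

# Constructed sample of `netstat -an` output (addresses are documentation ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1025        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         192.0.2.44:1031        ESTABLISHED
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:135            *:*
"""

# Matches only TCP sockets in the LISTENING state; captures local address and port.
LISTENER = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def listening_tcp(netstat_text):
    """Return (local_address, port) for every TCP listener, in input order."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTENER.match(line)
        if m:
            found.append((m.group(1), int(m.group(2))))
    return found


def outside_allow_list(netstat_text, allowed=ALLOWED_TCP):
    """Listeners on non-loopback addresses whose port the filter would not permit."""
    return [
        (addr, port)
        for addr, port in listening_tcp(netstat_text)
        if not addr.startswith("127.") and addr != "[::1]" and port not in allowed
    ]


if __name__ == "__main__":
    for addr, port in outside_allow_list(SAMPLE_NETSTAT):
        print(f"TCP {addr}:{port} is listening but not in the permitted list")
```

Running it against a host's own `netstat -an` output before enabling the filter shows every listener the list would cut off, so each one is either added to the list deliberately or left blocked.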

