DCOM Exploit

I get this message from network shield:
DCOM Exploit attack
from 220.255.147.250:135

What does this mean?

Please use the search option on this board. DCOM (attacks) have been explained extensively in several threads.

Is your firewall turned on? I guess not, as I received this type of warning only when I turned off my firewall’s network security module (Security Center didn’t report it, as the firewall actually was turned on).

Okay thanks.

:slight_smile: Possibly if you use grc.com’s “DCOMbobulator” to “disable” your “DCOM”, you would close a potential security “hole” and avoid future “DCOM Exploits” !?

If you want it more technically:

Network Shield is a protection against known Internet worms/attacks. It analyses all network traffic and scans it for malicious contents. It can also be taken as a lightweight firewall (or more precisely, an IDS (Intrusion Detection System)). Network Shield protects you from Internet worms that spread themselves via various security holes in your system. Typically these kinds of viruses don’t infect files but instead they attack running processes on your PC (either Windows components or some server programs like SQL Server, IIS etc.). These kinds of attacks are not easily caught by an ordinary antivirus during file or mail scanning. It does not duplicate the work of Standard Shield.

Basically, it covers all Internet worms, such as Win32.CodeRed, Win32.SQLSlammer, Win32.Blaster, Win32.Welchia (Nachi) and Win32.Sasser.
Messages like:
Network Shield: blocked “DCOM Exploit” - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

If you have a third-party firewall (like ZoneAlarm) you will not receive the alert, because the firewall blocked it before the Network Shield. You will see the alert if you don’t use a third-party firewall; even with only Windows Firewall the alert shows up. If you have the OS up to date with all updates and patches, then you need not worry too much about these types of alerts.
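For anyone who wants to see how often these alerts occur and from how many sources, here is an added example (not part of the original posts and not avast! code) that parses alert text in the format quoted above and tallies it. It assumes the alerts have been saved one per line; the sample lines are constructed and use documentation-range addresses.

```python
import re
from collections import Counter

# Matches the alert text quoted in the thread; accepts straight or curly quotes.
ALERT_RE = re.compile(
    r'Network Shield: blocked ["\u201c](?P<name>[^"\u201d]+)["\u201d]'
    r' - attack from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})/(?P<proto>tcp|udp)'
)

def parse_alert(line):
    """Return a dict for one alert line, or None if the line is not a valid alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    octets = [int(o) for o in m.group("ip").split(".")]
    port = int(m.group("port"))
    if any(o > 255 for o in octets) or not 0 < port <= 65535:
        return None  # malformed address or port: do not count it
    return {"name": m.group("name"), "ip": m.group("ip"), "port": port, "proto": m.group("proto")}

def summarize(lines):
    """Count alerts per (attack name, port/proto) and per source address."""
    by_kind, by_source = Counter(), Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        by_kind[(alert["name"], f'{alert["port"]}/{alert["proto"]}')] += 1
        by_source[alert["ip"]] += 1
    return by_kind, by_source

# Constructed sample log (assumed one alert per line; not real hosts).
SAMPLE = [
    'Network Shield: blocked "DCOM Exploit" - attack from 192.0.2.10:135/tcp',
    'Network Shield: blocked \u201cDCOM Exploit\u201d - attack from 192.0.2.10:135/tcp',
    'Network Shield: blocked "DCOM Exploit" - attack from 198.51.100.7:135/tcp',
    'Standard Shield: scan finished',
    'Network Shield: blocked "DCOM Exploit" - attack from 999.1.1.1:135/tcp',
]

if __name__ == "__main__":
    kinds, sources = summarize(SAMPLE)
    for (name, port), n in kinds.most_common():
        print(f"{n:3d}  {name}  {port}")
    for ip, n in sources.most_common():
        print(f"{n:3d}  {ip}")
```

Many different sources each appearing once or twice is the pattern you would expect from background worm scanning of port 135, which is what the posts above describe.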

http://www.grc.com/dcom/intro.htm :wink:

If you have SP2, you don’t need that tool.

Network Shield blocked the DCOM Exploit attack before it entered your PC. Network Shield is very similar to a firewall, but it never substitutes for it. :slight_smile:

But wait a minute. My Windows XP Pro is up to date. I have Avast! Home Edition 4.6.665, Microsoft Antispyware and ZoneAlarm Firewall 5.5.094. All of them are turned on. Yet on occasion I still receive such alerts from Avast! Network Shield.

Are you sure that ZoneAlarm is well configured? Which level are you using for Internet and Trusted zone protection?

Tech, both zones are set to ‘High’. Hmm… I think it isn’t a problem anymore. Today avast! didn’t prompt such alerts anymore.

Avast does not check if the vulnerabilities are fixed or not. It stops the DCOM exploit even if it would (might not) cause any problems later in the system. If your system is patched you might want to disable this warning altogether in the network shield configuration pages.

limjimmy, you don’t have to worry about these attacks; whatever the firewall did not block, Network Shield will. If you don’t have these types of problems anymore, then your firewall should be fine. If not, contact your firewall support.

Oh okay. Thanks everyone for your replies. :slight_smile:

You’re welcome, and remember: avast! will always be your safeguard. :wink: