Hi
My dad is getting this alert multiple times a day.
Any pointers on how to get rid of this issue?
Messages like:
Network Shield: blocked “DCOM Exploit” - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.
Which firewall do you use?
And, most important, is your operational system updated?
Thanks for your response.
The machine in question has a copy of fully patched Windows 7 Home Premium installed.
The only firewall in the system is the default Windows firewall at default settings.
It should be enough.
Anyway, you’re protected by avast Network Shield. Be happy
Hi, Ravi Gupta, there could have been two problems,
- Your Windows is not fully updated.
- You’re not using a two-side firewall.
Network Shield is a protection against known Internet worms/attacks. It analyzes all network traffic and scans it for malicious content. It can be also taken as a lightweight firewall (or more precisely, an IDS (Intrusion Detection System).
Messages like:
Network Shield: blocked “DCOM Exploit” - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135. Basically, it could be infected by Internet worms such as Win32.CodeRed, Win32.SQLSlammer, Win32.Blaster, in32.Welchia (Nachi) and Win32.Sasser.
You can also download Steve Gibson’s DCOMbobulator: http://www.grc.com/files/DCOMbob.exe to disable DCOM on port 135
polonus
What issue…?? avast blocked it, that’s what it is supposed to do.
Anyway, your firewall should have blocked it before avast…!!
Seems your W7 FW gets bypassed. Maybe use an advanced 3rd party product.
asyn