Author Topic: "DCOM Exploit" attack  (Read 10854 times)

0 Members and 1 Guest are viewing this topic.

Offline pacman2004

  • Jr. Member
  • **
  • Posts: 34
"DCOM Exploit" attack
« on: January 20, 2005, 02:54:20 PM »
Hello All

I am using Sygate as my Firewall. I noticed that if I allow access for the application "Generic Host Process for Win 32 services", I will get frequent messages from avast on-access scanner warning me about a "DCOM Exploit" being blocked by Network shield.   If I disallow access for this application, I will not get these messages.

What's going on ?  Is this a frewall problem ???

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re: "DCOM Exploit" attack
« Reply #1 on: January 20, 2005, 03:01:29 PM »

"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!

Offline Abraxas

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 730
  • Perseverance Furthers...
    • PCLinuxOS-Forums
Re: "DCOM Exploit" attack
« Reply #2 on: January 20, 2005, 03:14:53 PM »
When you scan with "SpyBot" ;  "DSO exploit"  is always listed as a threat. Info here:
http://www.greymagic.com/security/advisories/gm001-ie/
 It's a security vulnerability in Microsoft Internet Explorer .

I realise these two " exploits "are different, but the additional info at greymagic .com will further your understanding of what issues are prevelant .
« Last Edit: January 20, 2005, 03:26:44 PM by Abraxas »

Offline pacman2004

  • Jr. Member
  • **
  • Posts: 34
Re: "DCOM Exploit" attack
« Reply #3 on: January 20, 2005, 03:23:39 PM »
My system is already updated.  No more critical updates from windows website. 

So am I suppose to allow access for "Generic Host process for Win32 services" or block it ?

What are the implications ?   Please note I have to allow access for this application in order to retrieve the windows updates/patches (if any).

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re: "DCOM Exploit" attack
« Reply #4 on: January 20, 2005, 03:29:03 PM »
Abraxas,

DSO exploit is a hole in Microsoft's security that can be exploited, and Network Shield is a sort of lightweight firewall that monitors a couple of known ports to be used by Interent Worms. It displays DCOM Exploit when it picks up worm activity on these ports i believe ( as explained in the links above).

There not the same really ;)


pacman2004,

I to use Sygate, and allow 'Generic Host process for Win32 services' to access the internet (as it is needed), but i never receive the 'DCOM Exploit' message.
Quote
What are the implications ?

Im not sure what you mean by this

--lee
« Last Edit: January 20, 2005, 03:31:31 PM by lee16 »

"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!

Offline pacman2004

  • Jr. Member
  • **
  • Posts: 34
Re: "DCOM Exploit" attack
« Reply #5 on: January 20, 2005, 03:38:13 PM »
lee16

I mean if I use Sygate to block the application "Generic Host process", I will not get to see the DCOM Exploit message. 

However does this mean that everything is allright ?  Maybe somebody is trying to do something and there is no warning because I have not allowed access for Generic Host process.

BTW I am getting the DCOM message at very frequent intervals...

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re: "DCOM Exploit" attack
« Reply #6 on: January 20, 2005, 03:48:34 PM »
Im not sure why your receiving this message, as sygate should block this activity before it gets to Avast network shield.
Maybe alowing the 'Generic Host process' to access the internet with sygate and checking the rember choice box will help.
Also, are you using the latest version of sygate firewall? (5.6.2808)


--lee





"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!

Offline Abraxas

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 730
  • Perseverance Furthers...
    • PCLinuxOS-Forums
Re: "DCOM Exploit" attack
« Reply #7 on: January 20, 2005, 04:09:06 PM »
lee16 :
 
Quote
Abraxas,

DSO exploit is a hole in Microsoft's security that can be exploited, and Network Shield is a sort of lightweight firewall that monitors a couple of known ports to be used by Interent Worms. It displays DCOM Exploit when it picks up worm activity on these ports i believe ( as explained in the links above).
;) Thanks lee, your right, I was being confusing rather than helpful. Sorry pacman2004 !