Author Topic: Repeated Alerts from Network Shield  (Read 3002 times)

0 Members and 1 Guest are viewing this topic.

ravi16aug

  • Guest
Repeated Alerts from Network Shield
« on: June 24, 2010, 09:26:23 PM »
Hi
My dad is getting this alert multiple times a day.
Any pointers on how to get rid of this issue?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Repeated Alerts from Network Shield
« Reply #1 on: June 24, 2010, 09:30:07 PM »
Messages like:
Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

Which firewall do you use?
And, most important, is your operational system updated?
The best things in life are free.

ravi16aug

  • Guest
Re: Repeated Alerts from Network Shield
« Reply #2 on: June 24, 2010, 09:43:31 PM »
Thanks for your response.
The machine in question has a copy of fully patched Windows 7 Home Premium installed.
The only firewall in the system is the default Windows firewall at default settings.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Repeated Alerts from Network Shield
« Reply #3 on: June 25, 2010, 02:43:17 PM »
It should be enough.
Anyway, you're protected by avast Network Shield. Be happy :)
The best things in life are free.

Online polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33062
  • malware fighter
Re: Repeated Alerts from Network Shield
« Reply #4 on: June 25, 2010, 03:00:37 PM »
Hi, Ravi Gupta, there could have been two problems,

1. Your Windows is not fully updated.
2. You're not using a two-side firewall.

Network Shield is a protection against known Internet worms/attacks. It analyzes all network traffic and scans it for malicious content. It can be also taken as a lightweight firewall (or more precisely, an IDS (Intrusion Detection System).

Messages like:
Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135. Basically, it could be infected by Internet worms such as Win32.CodeRed, Win32.SQLSlammer, Win32.Blaster, in32.Welchia (Nachi) and Win32.Sasser.
You can also download Steve Gibson's DCOMbobulator: http://www.grc.com/files/DCOMbob.exe   to disable DCOM on port 135

polonus
« Last Edit: June 25, 2010, 03:03:09 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 69997
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Repeated Alerts from Network Shield
« Reply #5 on: June 25, 2010, 09:06:13 PM »
Hi
My dad is getting this alert multiple times a day.
Any pointers on how to get rid of this issue?

What issue..?? avast blocked it, that's what it is supposed to do.
Anyway, your firewall should have blocked it before avast...!!
Seems your W7 FW gets bypassed. Maybe use an advanced 3rd party product.
asyn
Win 8.1 [x64] - Avast PremSec 21.3.2459.BUC [UI.612] - EEK - Firefox ESR 78.9 [NS/uBO/PB] - TB 78.9
Avast-Tools: Secure Browser 89.1 - Cleanup 21.1 - SecureLine 5.11 - Driver Updater 21.1 - CCleaner 5.78
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0