what is this message?

[LeviS LoVEr]

normally i get this message 7-8 times per day...

when i open this window i get this message..

what is this and what should i do to prevent it?

Edited October 5, 2008 by LeviS LoVEr

[Abhishek kapoor]

I think somebody is trying to connect through remote desktop as Ms RPC is "Microsoft Remote Procedure Call"

that Ip that it is showing is the used who want to connect

[+BudMan MVC]

Port 3551 is not the default remote desktop port, 3389 is.

A simple google for the attack name your software gave you would give you the details.

http://www.symantec.com/avcenter/attack_sigs/s20648.html

As to you getting it multiple times a day -- yeah there is alot of noise on the net.. If you setup your firewall to notify you ever single time it blocks something your going to get bothered all day long.

If you were behind a nat router you would not be bothered with all this noise ;)

[LeviS LoVEr]

hacking is the primary motive of the attack?

[darren89]

hacking is the primary motive of the attack?

yeah..could it be possibly be true? :s

is your IP address dynamic or static?

[LeviS LoVEr]

dont know..

how do i find out?

[redvamp128]

I did the search and found this.

https://www.securetrust.com/resources/ports...port/3500/3999/

It seems that a UPS device also uses that port. (So the question is do you have a backup power source connected to your computer). So that it can report to OS the battery status.

[LeviS LoVEr]

i am using a laptop..

sony vaio CR-353

[+BudMan MVC]

What part of NOISE did you not understand??? There are 1000's if not 100's of thousands, if not millions of boxes infected with crap all over the planet -- they look for other boxes to infect... So yeah your going to see crap like that ll the time.

Your firewall blocked it -- as it suppose to.. As I suggested put yourself behind a NAT router and you will not be bothered with nonsense warnings any more..

Or turn off the warnings -- there is no point of being notified every time your firewall blocks traffic.. You will get bombarded with it..

Oct 5 13:35:59 pf: 2. 859619 rule 278/0(match): block in on dc0: (tos 0x20, ttl 108, id 11565, offset 0, flags [DF], proto: TCP (6), length: 48) 211.190.27.14.4784 > 71.57.x.x.3389: S, cksum 0x8dc3 (correct), 1481982812:1481982812(0) win 65535 <mss 1460,nop,nop,sackOK>

Oct 5 13:35:56 pf: 211. 590149 rule 278/0(match): block in on dc0: (tos 0x20, ttl 108, id 1590, offset 0, flags [DF], proto: TCP (6), length: 48) 211.190.27.14.4784 > 71.57.x.x.3389: S, cksum 0x8dc3 (correct), 1481982812:1481982812(0) win 65535 <mss 1460,nop,nop,sackOK>

Oh NO!!! someone is trying to hack my Remote desktop -- what should I do?? :rolleyes:

Oh look my firwall blocked some other random port -- What should I do???

Oct 5 15:41:29 pf: 111. 977118 rule 278/0(match): block in on dc0: (tos 0x20, ttl 234, id 65371, offset 0, flags [none], proto: TCP (6), length: 40) 58.10.74.204.22041 > 71.57.x.x.55137: R, cksum 0xb29e (correct), 0:0(0) win 0

And hundreds more in a day... ITS NOISE!!

Edited October 5, 2008 by BudMan

[Kami-]

Hi...

Workarounds:

This issue can be eliminated by disabling NetDDE services through Administrative Tools and Group Policy settings.

Alternatively, do as BudMan says and get a NAT router... or just turn off the flipping warnings :)

[+BudMan MVC]

NetDDE is off by default --unless he had turned it on for some specific reason, he box was never in any danger from the exploit -- even if his firewall had let it through.