Sygate Personal, under constant attack

[codejunkie]

I have been getting this message about every 5 mins its driving my crazy "[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected"

Is there a new virus/backdoor that is using these ports, I am running SP2!

the app that is svchost.exe that its coming into. The port is 135

Port 1026 is open when I ran the sercurity check on symantec

and svchost.exe is listing on ports

135, 1029, 1030, 67, 68, 53, 1032, 1089, 4001, 4002, 4003, 4004, 2440, 2441

I have blocked everthing that it can do at the moment

Other ports that have been detected as open are

80, 135, 443, 1723

I am running a webserver from this PC so that 80 and 443. then theres the VPN 1723

so why is 135 open?

Edited September 16, 2004 by codejunkie

[CoffeeFiend]

There is no reason that I can think of why you would want that port to be open to the outside world. Your firewall should be blocking that, if not, perhaps it's time to look for another one?

[The Unicorn]

Info about port 135 can be found on http://www.grc.com/port_135.htm.

Not sure when this was updated though. Could be preSP2.

[codejunkie]

theres no problem with the Firewall I just want to know why I am getting so meny hits, but seem there is more out going trafic thats beening blocked then incoming, thats why I think I have a virus but Nortons online checker didnt find anything nore did NOD32.

And its like I said I have SP2 the only think I have used lately is the JPEG fix for Visual Studio 2003 and Office 2000, Windows didnt need it. other than nothing has changed