Kurt Wall wrote: > Quoth Matthew Carpenter: > >>IIRC, it's 135, the RPC port. > > > It exploits a vulnerability on TCP port 135, used by DCOM RPC > services. You should also block TCP ports 138, 445, 593, 4444 > and UDP port 69 (TFTP). You should block *every* port that doesn't absolutely, positively have to be exposed to the Internet. Michael