Need Help With MS RPCSS Attack

Hey guys,

The past two days, I've been having problems connecting to the internet and called my service provider to fix it. They did some line testing, and as of this morning, I'm able to connect.

However, I first tried to connect my notebook straight to the modem before connecting it to my router to check. As I am using my internet now, NIS 2010 gives me the following notification every 5-10 minutes...that is has blocked an intrusion attempt:



I'm not exactly sure what this is, but it seems like someone is trying to hack into my system. Has anyone experienced a similar issue before? I would like to know how I can get rid of this threat.

Another thing to note is that my IPv4 address yesterday was invalid or something, so my ISP changed it. This problem has occurred ever since. I will try to run a Full System Scan soon on both normal and safe mode, and see if that helps, but for now, does anyone have any suggestions regarding the cause of the problem, and how I can fix it?

Thanks in advance...

 

Well, the same happens to my grandfather - some "network attack" blocked by KIS in that case...
I think CA sed to claim attacks while we were in Sunderlan too.

I'd just ignore it as there is nothing you can do - maybe if you have a dynamic IP address (we have, my grandfather hasn't) you can restart the router.

All you can do from your side is a hardware firewall outfront, or put a computer in front of your laptops to act as a guard.
But you can't stop the attacks - you can try to block them only.

 

Thanks for the reply DetlevCM.

How would I know if I have a dynamic IP address? Is there a way to change my IP address? I've ran two Full Systems scans; one on normal and the other in Safe Mode and the attacks are still happening. There is also another type of attack now, listed as MS RPC Network DDE BO.

Also, I'm connected directly via ethernet, and not by router. I haven't tried connecting my modem to the router yet as other PCs at home may be affected as well.

However, another thing to note is that I tried manually connecting my modem to another Toshiba notebook at home with a different IP address, and the MS RPCSS attacks did not show up.

Would appreciate more help to remedy the issue.

Thanks...

 

If you have a dynmaic IP it would change everytime you reconnect your phone line...
Just thinking:
I've read that you can get lost network packets listed as an attack - but I don't think that should happen.

Also: You could try talking to your provider - they should be able to give you another IP address if you have a security conern.

 

Thanks again,

I tried connecting through my router, and that probably blocked the problem from getting worse. So far, 3 notebooks at home are connected via router and none (including mine) are affected by the MS RPCSS Attack...

 

A lot of Routers (if not all nowadays) have a built in Firewall - that definitely helps