December 1st, 2004, 12:05 PM
Wazzup.........new worm on the block?
Just logged this box on, and in the last 10 minutes I must have had around 50 attempts to connect on ports 135 and 455.
Haven't had a chance to investigate yet, but I have not had the warnings before, so it looks new. They almost all seem to be coming from within my ISP's sub-net.
Anyone else seeing anything strange right now?
Sorry, I am a bit slow right now....................just emerged from the chariot.................
(That's a Chinese bed............a Wan Kin Chariot )
I will take a look and get back................
December 1st, 2004, 12:39 PM
Can't say I'm seeing any activity. Maybe the technerds at your ISP are messing with you 'cause they know you're AO Senior.
December 1st, 2004, 01:05 PM
Getting scanned on ports 135-139 and 445 is "normal" behaviour when you're on the Internet these days..
Could be anything, old or new.
Experience is something you don't get until just after you need it.
December 1st, 2004, 01:14 PM
I have given them a heads up, but no response so far. What is interesting me is that this box has PC-cillin security suite on it, and I updated that when I logged on. Whatever it is, is punching holes right through it...............?
Then it meets something nasty in the root cellar.......................probably some crowd from the 75th Rangers, or 2nd Recon...................can't quite remember where the software came from but it is having a field day right now
ACK! ........Win XP Pro SP1, Firefox, broadband connection (ADSL) from British Telecom............sorry, I should have given those details earlier. Everything up to date apart from SP2.
Could be a time zone thing?
EDIT: SirDice, I agree, what I am interested in is that this has just started, and gets through the PC-Cillin that would normally block it silently.?????????????
December 1st, 2004, 01:20 PM
East America is getting up now!
No SP2! Mon ami, vous êtes en retard!!
December 1st, 2004, 01:21 PM
After you posted, I've been having my Sygate crashing, and my optical mouse totally went haywire; the LED kept blinking repeatedly and "moving itself". I couldn't access anything in the Start menu 'cause it was like I had a hax0r take over my keyboard as well. But this wasn't the case, 'cause I rebooted unplugged from the net and it still did it. Sygate's pissing me off since it's crashing a lot today, which it never does. So it looks like I gotta reinstall it, and go through the trouble of renaming this DLL file they failed to fix when installing. I wish I could find a good firewall that's small for a low-end system, like the old NukeNabber etc., but now things have to be complicated these days.
December 1st, 2004, 06:05 PM
After reading your post I just checked my firewall's logs for today.
2004/12/01 23:12:30 10.0.0.142:3349 10.0.0.218:1025 network blackjack
2004/12/01 23:12:09 10.0.0.142:3085 10.0.0.218:135 DCE endpoint resolution
2004/12/01 22:47:45 10.0.0.26:3472 10.0.0.218:443 HTTP protocol over TLS/SSL
2004/12/01 22:47:24 10.0.0.26:3417 10.0.0.218:80 World Wide Web HTTP
2004/12/01 22:47:03 10.0.0.26:3367 10.0.0.218:3140 Port 3140 (TCP)
2004/12/01 22:46:42 10.0.0.26:3315 10.0.0.218:6129 Port 6129 (TCP)
2004/12/01 22:46:20 10.0.0.26:3265 10.0.0.218:5000 UPnP (Universal Plug and Play)
2004/12/01 22:45:58 10.0.0.26:3216 10.0.0.218:2745 URBISNET
2004/12/01 22:45:14 10.0.0.26:3116 10.0.0.218:1025 network blackjack
2004/12/01 22:44:53 10.0.0.26:3066 10.0.0.218:135 DCE endpoint resolution
What attracts me is the connection attempt on port 1025; that is the port on which my personal firewall is running. Why would anyone try to connect to that port?
Or is it just some kid in my LAN who is just trying to learn how to play with telnet and port scanners?
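The log in the post above can be checked mechanically. The following Python is an added example, not part of the original thread: it parses that firewall's line format, flags any source that tried at least five distinct ports on one target within five minutes of its first attempt, and reports shorter runs that follow the same port order, which is a hint (not proof) of the same automated scanner. The thresholds and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2004/12/01 23:12:30 10.0.0.142:3349 10.0.0.218:1025 network blackjack
2004/12/01 23:12:09 10.0.0.142:3085 10.0.0.218:135 DCE endpoint resolution
2004/12/01 22:47:45 10.0.0.26:3472 10.0.0.218:443 HTTP protocol over TLS/SSL
2004/12/01 22:47:24 10.0.0.26:3417 10.0.0.218:80 World Wide Web HTTP
2004/12/01 22:47:03 10.0.0.26:3367 10.0.0.218:3140 Port 3140 (TCP)
2004/12/01 22:46:42 10.0.0.26:3315 10.0.0.218:6129 Port 6129 (TCP)
2004/12/01 22:46:20 10.0.0.26:3265 10.0.0.218:5000 UPnP (Universal Plug and Play)
2004/12/01 22:45:58 10.0.0.26:3216 10.0.0.218:2745 URBISNET
2004/12/01 22:45:14 10.0.0.26:3116 10.0.0.218:1025 network blackjack
2004/12/01 22:44:53 10.0.0.26:3066 10.0.0.218:135 DCE endpoint resolution
"""  # log lines copied from the post above (newest first, as posted)
LINE_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) ([\d.]+):\d+ ([\d.]+):(\d+)\b")

def parse(log):
    """Return (time, src_ip, dst_ip, dst_port) tuples, oldest first."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # anything that is not a connection record is skipped
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return sorted(events)

def probe_orders(events, window=timedelta(minutes=5)):
    """(src, dst) -> distinct ports in first-tried order, within window of first hit."""
    first, orders = {}, defaultdict(list)
    for ts, src, dst, port in events:
        start = first.setdefault((src, dst), ts)
        if ts - start <= window and port not in orders[(src, dst)]:
            orders[(src, dst)].append(port)
    return dict(orders)

def find_sweeps(orders, min_ports=5):  # pairs with >= min_ports distinct ports
    return {pair: ports for pair, ports in orders.items() if len(ports) >= min_ports}

def same_order_sources(orders, sweeps):
    """Sources whose shorter probe run is a prefix of a detected sweep's order."""
    return {pair[0]: sp[0] for pair, ports in orders.items()
            for sp, sweep in sweeps.items()
            if pair != sp and len(ports) >= 2 and sweep[:len(ports)] == ports}

if __name__ == "__main__":
    orders = probe_orders(parse(SAMPLE_LOG))
    print(find_sweeps(orders), same_order_sources(orders, find_sweeps(orders)))
```

On this log, 10.0.0.26 is flagged as a sweep across eight ports, and 10.0.0.142 is reported as following the same order (135, then 1025).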
December 1st, 2004, 08:04 PM
My email is being hit with Worm.Wurmark.A according to ClamAV. Google doesn't know very much about it yet. Perhaps this is a blended threat?
/me fires up the lab