Wazzup.........new worm on the block?

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190

    Wazzup.........new worm on the block?

    Hi,

    Just logged this box on, and in the last 10 minutes I must have had around 50 attempts to connect on ports 135 and 455.

    Haven't had a chance to investigate yet, but I have not had the warnings before, so it looks new. They almost all seem to be coming from within my ISP's sub-net.

    Anyone else seeing anything strange right now?

    Sorry, I am a bit slow right now....................just emerged from the chariot.................

    (That's a Chinese bed............a Wan Kin Chariot )

    I will take a look and get back................

  2. #2
    Banned
    Join Date
    Jul 2004
    Posts
    119
    can't say I'm seeing any activity. maybe the technerds at your ISP are messing with you cause they know ur AO Senior

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Getting scanned on ports 135-139 and 445 is "normal" behaviour when you're on the Internet these days..

    Could be anything, old or new.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmm,

    I have given them a heads up, but no response so far. What is interesting me is that this box has PC-cillin security suite on it, and I updated that when I logged on. Whatever it is, is punching holes right through it...............?

    Then it meets something nasty in the root cellar.......................probably some crowd from the 75th Rangers, or 2nd Recon...................can't quite remember where the software came from but it is having a field day right now

    ACK! ........Win XP Pro SP1, Firefox, broadband connection (ADSL) from British Telecom............sorry, I should have given those details earlier. Everything up to date apart from SP2.

    Could be a time zone thing?




    EDIT: SirDice, I agree, what I am interested in is that this has just started, and gets through the PC-Cillin that would normally block it silently.?????????????

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    East America is getting up now!

    No SP2! My friend, you are late!!
    -Simon "SDK"

  6. #6
    Banned
    Join Date
    Jul 2004
    Posts
    119
    after u posted, I've been having my sygate crashing, and my optical mouse totally went haywire, the led kept blinking repeatedly and "moving itself", I couldn't access anything in the start menu cause it was like I had a hax0r take over my keyboard as well. but this wasn't the case cause I rebooted unplugged from the net and it still did it. sygate's pissing me off since it's crashing a lot today, which it never does. so it looks like I gotta reinstall it, and go thru the trouble of renaming this dll file they failed to fix when installing. I wish I could find a good firewall that's small for a low end system like the old nukenabber etc. but now things have to be complicated these days.

  7. #7
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    nihil
    After reading your post I just checked my firewall's logs for today.

    2004/12/01 23:12:30 10.0.0.142:3349 10.0.0.218:1025 network blackjack
    2004/12/01 23:12:09 10.0.0.142:3085 10.0.0.218:135 DCE endpoint resolution
    2004/12/01 22:47:45 10.0.0.26:3472 10.0.0.218:443 HTTP protocol over TLS/SSL
    2004/12/01 22:47:24 10.0.0.26:3417 10.0.0.218:80 World Wide Web HTTP
    2004/12/01 22:47:03 10.0.0.26:3367 10.0.0.218:3140 Port 3140 (TCP)
    2004/12/01 22:46:42 10.0.0.26:3315 10.0.0.218:6129 Port 6129 (TCP)
    2004/12/01 22:46:20 10.0.0.26:3265 10.0.0.218:5000 UPnP (Universal Plug and Play)
    2004/12/01 22:45:58 10.0.0.26:3216 10.0.0.218:2745 URBISNET
    2004/12/01 22:45:14 10.0.0.26:3116 10.0.0.218:1025 network blackjack
    2004/12/01 22:44:53 10.0.0.26:3066 10.0.0.218:135 DCE endpoint resolution

    What attracts me is the connection attempt on port 1025, which is the port on which my personal firewall is running. Why would anyone try to connect to that port?
    Or is it just some kid in my LAN who is just trying to learn how to play with telnet and port scanners?
    nobody is perfect i am nobody
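
The log in post #7 shows one source walking a series of destination ports at roughly 21-second intervals. The following added example (not part of any post in this thread) parses that log format and flags such sweeps; the function names and the `min_ports` and `window` thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from post #7: date time src:port dst:port service
SAMPLE_LOG = """\
2004/12/01 23:12:30 10.0.0.142:3349 10.0.0.218:1025 network blackjack
2004/12/01 23:12:09 10.0.0.142:3085 10.0.0.218:135 DCE endpoint resolution
2004/12/01 22:47:45 10.0.0.26:3472 10.0.0.218:443 HTTP protocol over TLS/SSL
2004/12/01 22:47:24 10.0.0.26:3417 10.0.0.218:80 World Wide Web HTTP
2004/12/01 22:47:03 10.0.0.26:3367 10.0.0.218:3140 Port 3140 (TCP)
2004/12/01 22:46:42 10.0.0.26:3315 10.0.0.218:6129 Port 6129 (TCP)
2004/12/01 22:46:20 10.0.0.26:3265 10.0.0.218:5000 UPnP (Universal Plug and Play)
2004/12/01 22:45:58 10.0.0.26:3216 10.0.0.218:2745 URBISNET
2004/12/01 22:45:14 10.0.0.26:3116 10.0.0.218:1025 network blackjack
2004/12/01 22:44:53 10.0.0.26:3066 10.0.0.218:135 DCE endpoint resolution
"""

def parse(line):
    """Return (timestamp, src_ip, dst_ip, dst_port), or None if malformed."""
    parts = line.split(None, 4)
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y/%m/%d %H:%M:%S")
        src_ip = parts[2].rsplit(":", 1)[0]
        dst_ip, dst_port = parts[3].rsplit(":", 1)
        return ts, src_ip, dst_ip, int(dst_port)
    except (IndexError, ValueError):
        return None

def find_port_sweeps(log_text, min_ports=5, window=timedelta(minutes=5)):
    """Flag src->dst pairs hitting >= min_ports distinct ports inside window.
    Both thresholds are assumed defaults, not values from the thread."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            ts, src, dst, port = rec
            events[(src, dst)].append((ts, port))
    sweeps = {}
    for pair, hits in events.items():
        hits.sort()  # the firewall lists newest first; order by time
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(sweeps.get(pair, ())):
                sweeps[pair] = sorted(ports)
    return sweeps
```

Calling `find_port_sweeps(SAMPLE_LOG)` flags 10.0.0.26 and leaves 10.0.0.142, which touched only two ports, below the threshold.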

  8. #8
    My email is being hit with Worm.Wurmark.A according to ClamAV. Google doesn't know very much about it yet. Perhaps this is a blended threat?

    /me fires up the lab
