Printable View
Ah got it now :duh:
15 port scans in the last 45 minutes, all from my ISP subnet and all to port 135. Is that Blaster or some sort of variant?
The rest of the hits are just connection attempts like yourself, although I seem to be getting far more of them, like 60 or more, and most of those are coming from my ISP subnet as well.
Cheers
I don't think it is as much to do with there being less l33t haxors or less people using l33t haxor tools.
I think that alot of ISPS are blocking some of the UBER L33t H4Xor Programs Ports.
I know several of the ones in your area e.g BT and Telewest do this Valhalen.
I also think that the guy with his first post being about Pron could be on to something.
Checked again,
21 hits in the last hour all to port 135 and from the ISP subnet. I am using BT Broadband, which has only been available for about 6 months around here. This is not a very high tech community, so could it be that there are more unpatched machines and people who are new to broadband?
Port 445 has not shown up so Mark probably has a point with the filtering.
I will have a bit of a giggle and log a helpdesk message with BT :D
Cheers
LMAO, Yes, Log a help desk message saying you can't get your Back Orrifice to work. I am sure that will puzzle the person who is realistically reading from a flow chart.
I think I will call and log a fault that I am trying to use port 445 and it seems to be blocked.
after reading all of this I really don't know what's wrong with me.... aside from the usual everyday traffic I've not had any nasty attempts for the last 2 months.... I feel positively left out of this ub3r 1337 attack...
Z
I was getting so many connection attempts I just disabled logging of them on tcp ports 135 445 80 1080 and 8080
When I made the switch to RR things calmed down considerably, less connection attempts, etc. Then again, previous to this switch, I was on AOL, and with that, if you turn on any notification of what's going on, you might as well not even bother with surfing, because you'll constantly have firewall popups.Quote:
Originally posted here by mark_boyle2002
I don't think it is as much to do with there being less l33t haxors or less people using l33t haxor tools.
I think that alot of ISPS are blocking some of the UBER L33t H4Xor Programs Ports.
I know several of the ones in your area e.g BT and Telewest do this Valhalen.
I also think that the guy with his first post being about Pron could be on to something.
I'm all about the ISP filtering. Very nice when there are large e-mail virus threats as well.
Nope, things haven't calmed down at all on the skiddie front. At work it's a constant battle (or actually a constant reading of logs) from all the funny kiddies trying to run IIS attacks against Unix boxes, ahhh that never gets old ;)
My logs fill daily with scan attempts, connection attempts, and exploit attempts. 99% of the time they are nothing to bother with, they just make for fun reading material, but every now and again you get that 1% that is worrisome. Anyway, I think it is most likely the ISPs out there starting to filter a lot of the "junk" out of their consumer networks. The reason I think that is simply because my home system sees next to nothing as far as any scans/connection/exploit attempts and it's on 24x7, whereas my work network is constantly "under attack".
While reading this thread my firewall has warned of 4 connection attempts.
LOL, I can post a mountain of **** for you all to look at. I get around 2,800 external events per second, of which 10% are port scans. Just another day at the network perimeter....
:)