Cable Forum
Page 2 of 3 1 2 3
Show 100 post(s) from this thread on one page

Cable Forum (https://www.cableforum.uk/board/index.php)
-   General IT Discussion (https://www.cableforum.uk/board/forumdisplay.php?f=19)
-   -   Firewall allowing connection (https://www.cableforum.uk/board/showthread.php?t=1808)

CuddlesTC 12-08-2003 19:16
For the last couple of days my firewall has been reporting almost non-stop MSRPC TCP port probes, whereas this used to be a very rare type of probe - could this be for the same reason?

Taf 12-08-2003 19:17
Any experts out there?

homealone 12-08-2003 19:19
seems to be a bit of a pattern


12/08/03 17:58:13 TCP 80.4.* 135 80.4.75.226 3440 Block
12/08/03 17:58:15 TCP 80.4.* 135 80.4.196.113 2499 Block
12/08/03 17:58:18 TCP 80.4.* 135 80.4.101.122 3838 Block
12/08/03 17:58:48 TCP 80.4.* 135 80.4.198.225 1142 Block
12/08/03 18:00:23 TCP 80.4.* 135 80.4.195.121 2698 Block
12/08/03 18:03:32 TCP 80.4.* 135 80.4.165.105 4328 Block
as you can see the scans are coming from the same IP segment as my addy. I wouldn't mind betting Altis's IP begins with 81.97.*

<edit> sorry Alan didn't see your post re 60/40 while I was typing

Alan Waddington 12-08-2003 19:19
Quote:
Originally posted by CuddlesTC
For the last couple of days my firewall has been reporting almost non-stop MSRPC TCP port probes, whereas this used to be a very rare type of probe - could this be for the same reason?
MSRPC = Microsoft Remote Procedure Call (which uses Port 135)

Thus yes, it is the msblast virus

Taf 12-08-2003 19:20
http://www.ntl-isp.ntl.com/lookup/default.asp

They've put a warning up....

Alan Waddington 12-08-2003 19:22
Note that there is another thread on here covering the same topic
http://www.nthellworld.co.uk/forum/s...&threadid=1791

Taf 12-08-2003 19:23
Time for Admin to merge the two together?

zoombini 12-08-2003 20:02
Before it gets merged can I change it slightly and ask how I can tell if I have had anything past the firewall?

I am running linklogger and see plenty of attacks (green icons) at port 135 from NTL addresses.

But how do I know that they have been stopped or if they got past?

Etc.

Are there any dummies guides to knowing whats what with a firewall available?

Ramrod 12-08-2003 20:13
Quote:
Originally posted by zoombini
Before it gets merged can I change it slightly and ask how I can tell if I have had anything past the firewall?

I am running linklogger and see plenty of attacks (green icons) at port 135 from NTL addresses.

But how do I know that they have been stopped or if they got past?

Etc.

Are there any dummies guides to knowing whats what with a firewall available?
Yes, i was wondering about that but I've run my anti-virus, had my ports checked and checked my registry as well. All clear, so my firewall must be doing it's job. *fingers crossed*:D

Taf 12-08-2003 20:54
Just think of the iriots out there with no antiviral or firewall......

Ramrod 12-08-2003 21:00
Theres a thread on it on .com

Xaccers 12-08-2003 21:54
Quote:
Originally posted by Taf
And of course NTL has no antiviral running on it's servers to protect it's users?
OI!
As someone who used to build the NT servers for NTL I take objection to that insinuation!
It's not NTL's servers that are infected, it's customers who aren't bright enough to get patched.
None of my servers were ever infected/hacked while I was in charge of them.

Taf 13-08-2003 10:16
Nice to know... is it still that way?

Lord Nikon 13-08-2003 10:37
the 60/40 was on the symantec site

As it infects only windows OSs I doubt it would hit the NTL mailservers anyway.

It will however infect any Windows 2000, Windows NT, XP or Server 2003 system that has not yet been patched.

Taf 13-08-2003 10:39
I'm still getting small packets from other NTL addresses this morning, so lets hope they start patching their PCs soon....


All times are GMT +1. The time now is 18:27.
Page 2 of 3 1 2 3
Show 100 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2026, vBulletin Solutions Inc.
All Posts and Content are © Cable Forum