I had hoped that people would have wised up after the Bugbear attacks.

Excellent, I have a few friends that are computer illiterate and think that a virus scanner and firewall are for paranoid people.
How I could have strangled them last night when they came screaming for help.
Your app may have come in handy, then they could sort it for themselves.

I've just got a jump in port 4444 scans, and for some reason I'm getting a lot of port 3's from a single IP and 62002's from another - anyone else seeing this?

In the router config, go to the Status tab, click on Log and then the grey Log Settings button. Tick all the checkboxes, enter smtp.ntlworld.com as the SMTP server and an email address in the other box. You should receive an email every time the log fills up - which it will. :D

One of the first things I did when I got the router, the only activity is when I either ssh into my box or connect via my handheld. No activity on ports 135 or 4444 what so ever.

Looks like I've beaten the odds so far on the probes, still I'll check again tonight and run netstat JIC

Regards,

Ben

Well that is funny - Broadband was a requirement for both my Redhat and Mandrake installs. After install the first udates (security) added up to around 40 - 60Mb for each Distro!

Fine if you want to sit back being complacent thinking it will never happen to me - so be it.

This is the last I am going to say on the matter as it is clear that you seem to think your are invunerable to any exploit or virus!

I'm responding to 135 and 4444 with the messages so they don't appear in the router logs, but I'm getting loads of scans on port 3 which, according to GRC.com, is "compressnet, Compression Process". I seem to get a block of scans/attempts all from the same IPs, currently 80.0.190.120 and 80.1.192.146 - what the...?

Now your putting words into my mouth. At no point have I said that I am invuneranble to exploits and viruses, at no point have I said that I am complacent. I am anything but and have just spent the morning updating several SuSE pro servers and one SLOX machine.

I have been saying that due to the nature by which Linux has been created and the security models used, that it offers far, far superiour protection against viruses and has far fewer actually useful exploits than its competitor. You have been responding with inane statements and worthless generalities, at no time countering the points I raised.

Edit: For the spectators :) The 40 - 60 Meg downloads our helldesk slave is refering to include things such as an optimised kernel (20Megs easy), Product updates (not security related), Drivers that are not allowed to be commercially distributed (such as nVidia), Font packs (such as MS's) a few additonal programs that they would have liked to include on the disks but left off by mistake or due to lack of space and updates and security patches for _every_ piece of software that the update manager can detect.

This doesnt even remotely compare with windows update which only offers critical fixes and MS only product updates, complete with altered EULA's.

Regards,

Ben

Anybody else waiting for the scream? :D

Regards,

Ben

No that was yesterday, between 1700 and 1800.

Well between 14.36 and 15.36 I have had 56 on pot 135 and I catn seem to get Kazza lite or piolet to connect, but overnet seems to work fine. Do you think it could be connected?

well i'm glad now that i'm with an isp that knows what they are doing and not ntl, as soon as this virus started lurking its head my isp (plusnet) blocked the two ports involved on there end so that even vunerable machines wont get infected as no data can get through. They then let us know that they had done this and recomended on getting the updates as well.

If anyone wants to move over to them now let me know as they do a referal scheme which gives you a discount off your bill for refereing someone else to them :-)

K

Ps about linux, the reason you dont see many updates for them is because they update entire distros frequently, suse 8.2 is only a few months old 8.1 is less than a year old etc

Is there something I should know? :)

The program is available online btw:
http://www.tnk-bootblock.co.uk/prods...terBlaster.zip

I've lost count of the number I've had - stopped counting at 50 (in 25 minutes). Have scanned my pc for viruses and it's ok, and have up to date McAffee - will that do? :confused:

If you take another read of what I wrote very carefully you will notice that I said that the 40-60Mb updates WERE SECURITY RELATED! The full update including non-security related came to over 150Mb! Oh and there was no optimized kernal included in those downloads.

Just for the record I do not do helpdesk. Not all support analysts are helpdesk. I am actually part of system services which looks after servers - no user interaction at all.