15-08-2003, 23:14
|
#1
|
Trollsplatter
Cable Forum Team
Join Date: Jun 2003
Location: North of Watford
Services: Humane elimination of all common Internet pests
Posts: 36,930
|
I'm under attack!
All evening my firewall has been constantly repelling attempts to get at my poor Mac ... from when I switched on at about 7.45 until I restarted it just now. My internet has been uselessly slow.
I don't know too much about these things but I had a suspicion that if I rebooted and acquired myself a new IP address the problem might go away. So far, it seems to have worked.
Strange thing is, virtually all the attempts came from within the ntl network, if I'm reading my access log right (it's attached). Anyone have a clue what this is all about?
|
|
|
15-08-2003, 23:20
|
#2
|
Cable Forum Team
Join Date: Jun 2003
Posts: 15,118
|
Who knows but could be MSblast related, it seems to have an hidden agenda, one thats going to be unleashed tonight at midnight when those still infected with the worm and connected to web, that will 'blast' (reason behind its name) data to the microsoft website in a bid to crash the system.
|
|
|
15-08-2003, 23:22
|
#3
|
Inactive
Join Date: Jun 2003
Location: Milling around Milton Keynes
Age: 47
Posts: 12,969
|
Port 135, likely to be msblast (aren't you glad you bought a mac?)
|
|
|
15-08-2003, 23:27
|
#4
|
Trollsplatter
Cable Forum Team
Join Date: Jun 2003
Location: North of Watford
Services: Humane elimination of all common Internet pests
Posts: 36,930
|
|
|
|
16-08-2003, 00:23
|
#5
|
Inactive
Join Date: Jun 2003
Location: Milling around Milton Keynes
Age: 47
Posts: 12,969
|
Yeah, must be good to be so insignificant no one bothers with you
mumble mumble can't right mouse click mumble mumble
|
|
|
21-08-2003, 20:20
|
#7
|
Inactive
Join Date: Jun 2003
Location: Orbiting Venus
Services: Very High Monthly Bills!
Posts: 1,052
|
some of us with older (but nicer) versions of windows (98se) are not affected by the blast virus and also have all 3 mouse keys to play with and so therefore we feel really smug
|
|
|
21-08-2003, 20:52
|
#8
|
Inactive
Join Date: Jun 2003
Posts: 22
|
Towny
I am also getting battered on destination port 135, the connection is hopelessly slow, 99% from NTL customers, plus repetitive CyberKit 2.2 hits..
Its crap, the Microsoft product is totally venerable when connecting to the internet by itâ₠¬ÃƒÂ¢Ã¢â‚¬Å¾Ã‚¢s self and itâ₠¬ÃƒÂ¢Ã¢â‚¬Å¾Ã‚¢s clogging up network traffic.
Blame Kazaa users for clogging up the network †œmy backsideââ‚ ‚¬Ã‚ÂÂ
Ban micro$oft users from using up bandwidth with flaky software.
Fr4nk
|
|
|
21-08-2003, 21:19
|
#9
|
Inactive
Join Date: Jun 2003
Posts: 22
|
Infected by the MSBlast Internet Worm ... ISPs everywhere are blocking all port 135 traffic in an attempt to slow the worm's growth
Obviously not NTL
Fr4nk
|
|
|
21-08-2003, 21:29
|
#10
|
Guest
|
Quote:
Originally posted by Atomic22
some of us with older (but nicer) versions of windows (98se) are not affected by the blast virus and also have all 3 mouse keys to play with and so therefore we feel really smug
|
well we are a bit affected, because of all the extra traffic.
one persistent entry in my firewall log resolves as
youhavetheblasterworm.ntli.net
- and I am on 98se
- presumably this is the welchi worm.?
- anyone had sobig.f yet?
|
|
|
21-08-2003, 21:48
|
#11
|
Inactive
Join Date: Jun 2003
Location: Stoke-On-Heaven
Age: 37
Services: Freeview, 512k Pipex.
Posts: 1,758
|
Well I reinstalled XP Pro For my mate tonight, and about 20 seconds after re-connecting to the internet , the Blast worm was on his computer... Although, It rebooted Once, then I went to Remove it, It'd already gone!, Me thinks the Anti Virus Virus was there somewhere :p
|
|
|
21-08-2003, 22:05
|
#12
|
Guest
Location: East London (ex-C&W)
Services: XL broadband
ntl250 modem
Posts: n/a
|
Quote:
Originally posted by Steve_NTL
Well I reinstalled XP Pro For my mate tonight, and about 20 seconds after re-connecting to the internet , the Blast worm was on his computer...
|
Didn't you turn on XP's firewall before connecting to the internet?
|
|
|
21-08-2003, 22:31
|
#13
|
Inactive
Join Date: Jun 2003
Location: Stoke-On-Heaven
Age: 37
Services: Freeview, 512k Pipex.
Posts: 1,758
|
No - Didnt even think about it.
|
|
|
22-08-2003, 00:14
|
#14
|
Inactive
Join Date: Jun 2003
Location: heckmondwike
Age: 38
Posts: 10,767
|
Quote:
Originally posted by Steve_NTL
No - Didnt even think about it.
|
lmfao big mistake
well you know what to do about it :p
|
|
|
22-08-2003, 06:33
|
#15
|
Inactive
Join Date: Jun 2003
Location: NW UK
Posts: 3,546
|
Not knowing much about the mac, why not see if you can stealth port 135, the reason the worms try multiple times with you is that they get a reply on that port address, so they try to force their way in. If the port doesn't respond, they assume no machine and move on.
(3 port stages
Open - traffic is allowed through
Closed - Traffic is blocked and a reply is given saying the port is closed
Stealthed - Traffic is blocked and no acknowlegement is given
Stealthed is the best, as far as the attacking machine knows there is no computer on that IP address at all)
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 23:26.
|