Re: Help - a possible bot

From: Jon Nelson (
Date: 11/16/02

    Date: Sat, 16 Nov 2002 09:47:00 -0500 (EST)
    From: "Jon Nelson" <>
    To: <>

    Moshe Aelion said:
    > Hi everybody
    > discovered within about 10 minutes. I then installed ZoneAlarm Pro.

    Did you have a firewall before? Now that you have one you'll see how much
    137/udp traffic you get, it's a lot.

    > inspecting ZA logs, you can see a blocked scan (coming every couple of
    > minutes, from arbitrary addresses - I bet they're spoofed) - and soon
    > after, the computer responds with a (blocked) attempt to communicate
    > with that address. This points to an active bot (in my opinion)

    I don't see where "...the computer immediately tries to respond". All the
    incoming attempts are NetBIOS 137/udp and the RuLaunch is HTTP (80/tcp)
    and not to the same IP.

    >8 ACCESS,22:01:52,RuLaunch blocked from connecting to Internet

    As far as the program being blocked, a Google search for "RuLaunch" shows
    that it is McAfee, your antivirus software. It's probably checking for

