Re: Incomings syns & pings

From: Don Kelloway (dkelloway_at_commodon.com)
Date: 06/29/04


Date: Tue, 29 Jun 2004 21:06:47 GMT


"Marco" <desspams@jenveuxpas.stop> wrote in message
news:40e1adc3$0$30163$626a14ce@news.free.fr...
> For a few hours now, my firewall has been kept busy blocking TCP
connections
> attempts on ports 135, 137 & 445 on its WAN IP address, as well as
pings
> which are not echoed by rule. The logs are flooded by these attempts
and
> this has been going on for 3 hours now (5 to 10 events / minute).
>
> Anybody has any clue about this ?
> Is there some kind of world wide mess going on ? (I have heard of some
nasty
> virus going around ...)
> Or is this something more focused ?
>
> Thanks for your advice
>
> Marc
>
>

It is the unfortunate result of other systems which have become
compromised, attempting to locate other systems to compromise. Such
activity occurs 24/7/365 and as long as you can be sure that your
firewall is appropriately configured to block these connection attempts
and probing, I would focus my attention elsewhere.

-- 
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".


Relevant Pages

  • Re: What is the Pattern here ?
    ... These are all Dialup Connections that I had no connection with at the time. ... It's obviously an enormous security hole, ... > and a real firewall box. ...
    (comp.security.firewalls)
  • Re: Port 135
    ... The patch doesn't disable DCOM / RPC, so connections can still be made. ... That's why you need a firewall. ... the patch is not the thing to control ... control over your TCP/IP ports and services, ...
    (microsoft.public.security)
  • Re: Black Ice confesses faulty program!!!
    ... > outgoing connections or traffic except in cases where these connections ... > "dangerous/suspicious" traffic by the BlackICE program. ... > get into your machine then even a PC *without* a firewall is completely ... If you don't think "Spyware" is a problem for computer ...
    (comp.security.firewalls)
  • Re: Networking/Security Question...
    ... The router itself will be a Cisco 1721. ... >setup is very simple... ... XP sp2 having the firewall on by default. ... > # but deny established connections that don't have a dynamic rule. ...
    (freebsd-net)
  • Re: XPsp2 firewall - bug? - disables on certain networks
    ... Firewall Settings for Microsoft Windows XP with Service Pack 2" document ... Even if the DNS suffix is different, the computer can get a new policy from ... manually enter the DNS server and suffix settings for all connections. ...
    (comp.security.firewalls)