Re: Security question - please advise!
From: Don Kelloway (dkelloway_at_commodon.com)
Date: 09/30/04
- Next message: Don Kelloway: "Re: Newbie question on private IP classes"
- Previous message: Scott Murray: "Can't access WAN IP's with Cayman and SBC"
- In reply to: Weeble: "Security question - please advise!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Sep 2004 00:42:09 GMT
"Weeble" <nono@hotmail.com> wrote in message
news:MhSdnVH8cOvHHsfcSa8jmA@karoo.co.uk...
> Do I need to worry that Sygate Personal Firewall is logging hundreds of
> 'Major' intrusions like this:
>
> [215] Outgoing LSASS buffer overflow exploit attempt detected.
>
> % This is the RIPE Whois secondary server.
> % The objects are in RPSL format.
> %
> % Rights restricted by copyright.
> % See http://www.ripe.net/db/copyright.html
>
If you are referring to hundreds of 'incoming' connection attempts to TCP
port 445, then the answer is no. You should not have anything to be
concerned with as this merely indicates external (compromised) systems
attempting to spread a worm, etc.
If however you are referring to hundreds of 'outgoing' connection attempts
to TCP port 445, then the answer is yes. You most definitely have something
to be concerned with as it indicates your system has probably become
compromised with a worm attempting to spread itself. For this you will need
to immediately remove your system from the LAN and begin the process of
identification and removal.
-- Best regards, from Don Kelloway of Commodon Communications Visit http://www.commodon.com to learn about the "Threats to Your Security on the Internet".
- Next message: Don Kelloway: "Re: Newbie question on private IP classes"
- Previous message: Scott Murray: "Can't access WAN IP's with Cayman and SBC"
- In reply to: Weeble: "Security question - please advise!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
