Re: Possible security problem?

From: Jim (jim_at_magrathea.plus.com)
Date: 07/27/05

• Next message: lanwanhr_at_yahoo.com: "VPN home worker implementation"
• Previous message: Nik: "Re: Penetration test requested!"
• In reply to:(deleted message) Véronique Souchon: "Re: Possible security problem?"
• Next in thread: Alex: "Re: Possible security problem?"
• Reply: Alex: "Re: Possible security problem?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 27 Jul 2005 16:54:46 +0100

In article <BF0DE8CF.1285C%veronique_souchon@hotmail.com>, Véronique Souchon wrote:
> On 28/7/05 1:16 AM, in article slrndef9ap.mh2.jim@odin.magrathea.local,
> "Jim" <jim@magrathea.plus.com> wrote:
>
>> In article <BF0DE290.12472%veronique_souchon@hotmail.com>, Véronique Souchon
>> wrote:
>>>
>>> I was just about to send when Little Snitch popped up with a new request,
>>> copied below.
>>>
>>>
>>> The application "nmbd" wants to connect to adsl190.231.axelero.hu on UDP
>>> port 1027 (exosee)
>>>
>>> My network utility says that this address is in Hungary.
>>>
>>> I am really, really curious. Is someone trying to use my computer illegally?
>>
>> Could it be responding to automated Windows worm connection attempts?
>>
>> Jim
>
> How would the worm be accessing my computer? I have a firewall and it is an
> Apple Macintosh iBook, not a windows system. In order for it to respond, the
> worm would have to pass a firewall with no ports but the bare minimum open.

Fair enough, it was just a thought. If your router isn't set to pass the usual
Windows ports (135-139,445) then it won't be that. Heck, it might not even be
that if you *were* passing those ports..! It was just a guess.

Jim

-- 
Find me at http://www.ursaMinorBeta.co.uk
"The voices that control me from inside my head
 Say I shouldn't kill you yet." - Jonathan Coulton, 'Skullcrusher Mountain'

---

• Next message: lanwanhr_at_yahoo.com: "VPN home worker implementation"
• Previous message: Nik: "Re: Penetration test requested!"
• In reply to:(deleted message) Véronique Souchon: "Re: Possible security problem?"
• Next in thread: Alex: "Re: Possible security problem?"
• Reply: Alex: "Re: Possible security problem?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: ICF and File Sharing ... Those ports are the critical ones and should not be opened without any valid reason. ... Windows XP Shell ... What You Should Know About the Sasser Worm and It Variants: ... (microsoft.public.windowsxp.general) FW: Actions for the Blaster Worm - Special Edition, TechNet Flash ... Actions for the Blaster Worm - Special Edition, ... You are receiving this message because you are a Microsoft newsletter ... Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory ... antivirus vendor and scan your machine. ... (Focus-Microsoft) Re: Cant apply KB835732 on various Win2k systems ... So these machines have the Sasser worm? ... Microsoft has learned about a worm identified as "W32.Sasser.worm" that is ... Windows XP Professional ... > AnalyzePhaseOne: used 7691 ticks ... (microsoft.public.win2000.security) Safeguard Your PC Against the Downadup Worm ... Safeguard Your PC Against the Downadup Worm ... How to protect your PC from the biggest worm in years. ... Security experts say it's the biggest worm attack in years, ... Windows that Microsoft Corp. patched nearly four months ago. ... (alt.comp.anti-virus) [NEWS] A new Mass-Mailing and Backdoor Capable Worm Found in the Wild ... The worm uses the common auto-reply feature from an infected client to ... This directory varies with each version of Windows: ... It creates this registry entry to load the DLL file during startup: ... Message Body: Adult content!!! ... (Securiteam)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)