Re: That's what happens when we think we don't need fiirewalls
From: George Hester (hesterloli@hotmail.com)
Date: 01/28/03
- Next message: John Banes [MS]: "Re: What is a stack buffer overflow?"
- Previous message: rich: "locked site"
- In reply to: Bill Sanderson: "Re: That's what happens when we think we don't need fiirewalls"
- Next in thread: Bill Sanderson: "Re: That's what happens when we think we don't need fiirewalls"
- Reply: Bill Sanderson: "Re: That's what happens when we think we don't need fiirewalls"
From: "George Hester" <hesterloli@hotmail.com> Date: Mon, 27 Jan 2003 23:48:49 -0500
Hmmm I've had this IP address for months. Too long. And I do not use that P2P stuff. And even if it was, what is it doing trying to access nbf.sys? Isn't that NetBEUI? But from what you say it looks like it really isn't all that dangerous. Just adds to resource usage in my firewall?
--
George Hester
__________________________________

"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message news:udMV0unxCHA.1644@TK2MSFTNGP12...
> Googling, it appears that this port is associated with Edonkey p2p exchange system.
>
> Is your IP dynamic? Perhaps you inherited the IP of someone who was a heavy Edonkey user?
>
> This is a pretty superficial analysis, but this seems to be a pretty frequent answer for this sort of query.
>
> "George Hester" <hesterloli@hotmail.com> wrote in message news:eo8R2lmxCHA.1936@TK2MSFTNGP10...
> Well I still don't but I suppose I'll just have to prove to myself I do. I got that SQL worm DOD right when it hit the US East Coast early on the morning of 25 January 2003. I thought it was my ISP and of course we tried to figure it out and I just shutdown the server till I could devote more time to it. Anyway one thing I did was reinstall the firewall, Sygate until I could calm down what was happening.
>
> Well I did that relatively easy and decided to run without the firewall going and see if the fix provided by Microsoft was truly a fix. It was.
>
> But I decided to turn back on the firewall just to make sure these UDP connections (ALL) were not being accepted. But that is not all that seems to be going on. This is what is bothering me now and if I could get some feedback on this what it is if I can reduce it that sort of thing.
>
> I am seeing 1000s and I do mean 1000s of TCP Protocol direction incoming MyIP Destination Port 4662 Source IP (a number of them most the same all the time; 200.93.25.240; 80.26.98.190; ...) and from Source Ports many (3188; 21808; 3776;...) and the application that is being accessed here is C:\WINNT\system32\drivers\nbf.sys.
>
> What is all this? Is this safe? Does it mean anything or am I seeing just benign stuff? All are being blocked but I know blocking can take resources so if I had some understanding of what's going on maybe I can invest in something so that it is not my machine that is handling these requests Maybe I don't even have to be concerned with these requests? Thanks.
>
> --
> George Hester
> __________________________________