HELP! - Whats going one with my firewall log?
#1
HELP! - Whats going one with my firewall log?
Just lately my browser has been refusing to open up new pages "page unavailble". My firewall log is showing ALOT of activity of ports 135 & 445. Maybe an attempt every 20secs or so.
The source and destination IP are very similar with only the last .???.??? being different, if i reconnect, its ok for a minute and then the same thing starts to happen. Is this my own computer making these requests?
The source DNS is from by own service provider everytime.
Any help greatly appreciated.
Boro.
The source and destination IP are very similar with only the last .???.??? being different, if i reconnect, its ok for a minute and then the same thing starts to happen. Is this my own computer making these requests?
The source DNS is from by own service provider everytime.
Any help greatly appreciated.
Boro.
#2
Originally Posted by Boro
Just lately my browser has been refusing to open up new pages "page unavailble". My firewall log is showing ALOT of activity of ports 135 & 445. Maybe an attempt every 20secs or so.
The source and destination IP are very similar with only the last .???.??? being different, if i reconnect, its ok for a minute and then the same thing starts to happen. Is this my own computer making these requests?
The source DNS is from by own service provider everytime.
Any help greatly appreciated.
Boro.
The source and destination IP are very similar with only the last .???.??? being different, if i reconnect, its ok for a minute and then the same thing starts to happen. Is this my own computer making these requests?
The source DNS is from by own service provider everytime.
Any help greatly appreciated.
Boro.
#4
Originally Posted by Boro
any ideas?
Nick
TCP Port 135
Common Use
Microsoft Remote Procedure Call (RPC) service.
Inbound Scan
Currently inbound scans are likely the Nachi or MSBlast worms.
Outbound Scan
Outbound scans if occurring in volume should be considered an indication of a possible worm infection on the source computer and should be investigated.
TCP Port 445
Common Use
Microsoft-DS Service is used for resource sharing on Windows 2000, XP, 2003, and other samba based connections. This is the port that is used to connect file shares for example.
Inbound Traffic
Inbound scans are typically systems which are trying to connect to file shares that might be available on your system and hence these should be blocked. While most of this traffic is the result of worms or viruses which can use open file shares to propagate, they also can be the result of malicious users attempt to connect to your computer. Once connected they can download, upload or even delete or edit files on the connected file share. If you use open file shares (including sharing of printers, etc) on your local network (LAN), then you should be using a firewall such that your local file shares are not accessible from the internet. Connecting to open file shares is likely the easiest and most common hack on the internet and yet one of the most effective for malicious activities like identity theft or installing RATs (Remote Access Trojans) to take control of systems remotely for example.
Lately TCP Port 445 has become the target of LSASS exploiting worms like Sasser and Korgo.
Outbound Traffic
Outbound scans if occurring in volume should be considered an indication of a possible worm infection on the source computer and should be investigated. If there are systems to which you remotely connect to, then those systems should be marked as trusted IPs within Link Logger such that future authorized events will be logged as normal traffic.
Trending Topics
#9
Moderator
iTrader: (5)
Join Date: Nov 2001
Location: Not all those who wander are lost
Posts: 17,863
Received 0 Likes
on
0 Posts
Do a search on your C drive for a file called "hosts" and just check that there are no entires like . . . .
www.sophos.com 127.0.0.0.1
www.sophos.com 127.0.0.0.1
#10
Or its just the internet worms doing the rounds, hitting your firewall which is stopping them and logging it??
It even says so on the post by Nicks.
The viri target the rpc port, and I'm sure there are other viri (these might do it as well) that also target file share ports.
It even says so on the post by Nicks.
The viri target the rpc port, and I'm sure there are other viri (these might do it as well) that also target file share ports.
Thread
Thread Starter
Forum
Replies
Last Post
ossett2k2
Engine Management and ECU Remapping
15
23 September 2015 09:11 AM
Welloilbeefhooked
Engine Management and ECU Remapping
5
12 September 2015 05:32 PM