Something weird going in ... ZoneAlarm might be good idea :(
09 August 2001, 10:41 PM
#1
Scooby Regular
Thread Starter
Join Date: Oct 1999
Posts: 3,491
Likes: 0
Received 0 Likes
on
0 Posts
No scaremongering, but ...
I had about 3000 alarms in the last 3 days from my PC being scanned.
Looks like another trojan becoming active ...
Just make sure that you have some kind of protection on your PC. ZoneAlarm is pretty good and free, but others may be equally useful.
See
I had about 3000 alarms in the last 3 days from my PC being scanned.
Looks like another trojan becoming active ...
Just make sure that you have some kind of protection on your PC. ZoneAlarm is pretty good and free, but others may be equally useful.
See
09 August 2001, 10:50 PM
#2
Scooby Regular
Join Date: May 2000
Posts: 869
Likes: 0
Received 0 Likes
on
0 Posts
Its good to keep reminding people!
Had a consultant at work this week who complained about a lot of data being sent down his dialup link (which he left connected all day).
It had transferred over 100mb -
netstat -na revealed over 5000 open ports. On reboot, over 2000 ports were opened immediately.
He had a trojan, hadn't updated the virus files in 6 weeks and had no personal firewall. Told him to talk to his IT dept who told him that the laptops were 'self managing' ie he had to do it himself!!!
Regularly updated virus checker plus personal firewall and regular patching isn't just for those of us who run servers....
Had a consultant at work this week who complained about a lot of data being sent down his dialup link (which he left connected all day).
It had transferred over 100mb -
netstat -na revealed over 5000 open ports. On reboot, over 2000 ports were opened immediately.
He had a trojan, hadn't updated the virus files in 6 weeks and had no personal firewall. Told him to talk to his IT dept who told him that the laptops were 'self managing' ie he had to do it himself!!!
Regularly updated virus checker plus personal firewall and regular patching isn't just for those of us who run servers....
09 August 2001, 11:05 PM
#4
Scooby Regular
Thread Starter
Join Date: Oct 1999
Posts: 3,491
Likes: 0
Received 0 Likes
on
0 Posts
OK, just to update ... all scans seem to go to port 80, so it may be the Code Red thing relaunching.
If you are not running IIS, you don't have to worry about this one. Still, recommendation of a personal firewall still holds.
Theo
If you are not running IIS, you don't have to worry about this one. Still, recommendation of a personal firewall still holds.
Theo
10 August 2001, 01:32 AM
#6
Scooby Regular
Join Date: May 2000
Posts: 869
Likes: 0
Received 0 Likes
on
0 Posts
most of the connections to port 80 at the moment will be code red, or one of its variants/children.
i'm seeing >50 attempts per day.
depends on your ip address: a mate's server is getting 200 attempts per day.
oh well, only 10 days of it to go (until the 1st Sept, anyway).
cleanup of code red 1 is easy as its memory based only: reboot, then patch to stop re-infection.
code red 2 is a bit more tricky....plenty of sites with the info needed though.
i'm seeing >50 attempts per day.
depends on your ip address: a mate's server is getting 200 attempts per day.
oh well, only 10 days of it to go (until the 1st Sept, anyway).
cleanup of code red 1 is easy as its memory based only: reboot, then patch to stop re-infection.
code red 2 is a bit more tricky....plenty of sites with the info needed though.
Trending Topics
Thread
Thread Starter
Forum
Replies
Last Post
Mattybr5@MB Developments
Full Cars Breaking For Spares
20
22 October 2015 06:12 AM
jobegold@hotmail.co.uk
ScoobyNet General
43
24 September 2015 02:16 PM
Adam Kindness
ScoobyNet General
0
15 September 2015 03:31 PM