[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Martian addresses attempts

On Sep 13, Andy Bennett <andy@xxxxxxxxx> wrote:

I have a network pf Windows PC's which has all of a sudden started to run
incredibly slowly, the PC's sometimes simply can't log on at all.

When I run the 'iptraf' programme it appears that traffic is trying to get to
ip addresses that simply aren't on the local network. The local network is
192.168.2. and all addresses should be in this range. Here is an example of a
few log entries.

48 bytes; from to; first packet (SYN)
48 bytes; from to; first packet (SYN)

This is most likely some kind of virus ... Port 445 is usually used for windows filesharing, but AFAIK it also allows windows RPC traffic, and is used by several worms andviruses.

__________________    /"\
Markus Gaugusch       \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at  X     Against HTML Mail
                      / \

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here