[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Martian addresses attempts



On Sep 13, Andy Bennett <andy@xxxxxxxxx> wrote:

I have a network pf Windows PC's which has all of a sudden started to run
incredibly slowly, the PC's sometimes simply can't log on at all.

When I run the 'iptraf' programme it appears that traffic is trying to get to
ip addresses that simply aren't on the local network. The local network is
192.168.2. and all addresses should be in this range. Here is an example of a
few log entries.

48 bytes; from 192.168.2.27:2190 to 192.168.91.211:445; first packet (SYN)
48 bytes; from 192.168.2.27:2191 to 192.168.172.38:445; first packet (SYN)

This is most likely some kind of virus ... Port 445 is usually used for windows filesharing, but AFAIK it also allows windows RPC traffic, and is used by several worms andviruses.

Markus
--
__________________    /"\
Markus Gaugusch       \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at  X     Against HTML Mail
                      / \

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here