[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Martian addresses attempts



Am Montag, 13. September 2004 11:27 schrieb Andy Bennett:
> I have a network pf Windows PC's which has all of a sudden started
> to run incredibly slowly, the PC's sometimes simply can't log on at
> all.
>
> When I run the 'iptraf' programme it appears that traffic is trying
> to get to ip addresses that simply aren't on the local network. The
> local network is 192.168.2. and all addresses should be in this
> range. Here is an example of a few log entries.
>
> 48 bytes; from 192.168.2.27:2190 to 192.168.91.211:445; first
> packet (SYN) 48 bytes; from 192.168.2.27:2191 to
> 192.168.172.38:445; first packet (SYN) 48 bytes; from
> 192.168.2.27:2192 to 192.168.168.5:445; first packet (SYN) 48
> bytes; from 192.168.2.27:2193 to 192.168.51.177:445; first packet
> (SYN) 48 bytes; from 192.168.2.27:2194 to 192.168.250.226:445;
> first packet (SYN) 48 bytes; from 192.168.2.27:2195 to
> 192.168.23.69:445; first packet (SYN)
>
> Anyone got any idea what could be causing this.

first suspect: the windows pc with the address 192.168.2.27 has been 
infected with a virus. run an actual virus scanner on it.

after that, beat the user of that box for clicking "ok" without 
thinking and for opening attachments in emails from unknown people.


bye,
 MH

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here