Blaster Worm

Quote from FinStat:


If your computer becomes infected and gets shut down, you will need to follow these steps (you may want to print them for future reference):


1. Unplug modem.
2. Restart computer.
3. Go to Start / Search / For Files and Folders.
4. Confirm that Look in is set for C: drive.
5. Search for files and folders named: "MSBLAST.exe"
6. When computer finds the msblast file(s), right click on the file names and delete all copies of the file.
7. Shut down the machine.
8. Plug the modem back in.
9. Restart the machine.
10. Go directly to one of the web sites above and install the patch and/or update.

My mom's computer had the worm, so we went through this process. The problem was, every time the computer reconnected to the internet, the worm came back with the MSBLAST files.

We were able to 'deworm' by downloading and installing the patch as the first step, instead of last.
 
Dear MY ISP Members,

We are writing to inform all of our customers running Microsoft
Windows 2000 or XP operating systems of a recent viral threat to
the Internet. If you do not have any computers running either of
these operating systems, you may disregard this alert.

The most recent virus threat to the Internet, "W32.Blaster.Worm",
also known as W32/Lovsan.worm [McAfee], Win32.Poza [CA], Lovsan
[F-Secure], WORM_MSBLAST.A [Trend], W32/Blaster-A [Sophos],
W32/Blaster [Panda] has been upgraded by Symantec to a Category 4
(of 5) threat.

This worm exploits the DCOM RPC vulnerability using TCP port 135.
It then attempts to download and run the Msblast.exe file.

Although the main activity of this worm is set to trigger on
8/16/03, the worm's impact is already being felt as the traffic
generated by the propagation decreases the overall throughput of
everyone accessing the Internet.

Due to the widespread propagation of this worm and serious nature
of the threat, we are alerting all of our customers and request
that you take immediate steps to ensure all of your machines are
secured against this worm.

For further detail regarding this worm, please visit:

Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

McAfee:
http://us.mcafee.com/virusInfo/default.asp?id=lovsan

To remove this worm from your system, please visit:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Once you have removed the worm from your system, please download
the patch detailed in Microsoft Security Bulletin MS03-026:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

This bulletin's FAQ details other options for securing your
machine against this threat.

Additionally, we ask that you run a full 'Microsoft Update' to
ensure your machine is fully protected from this worm and any
other security concerns. It will be necessary to reboot all
machines that are patched and updated, otherwise the updates will
not take effect.

A final, advanced, step to fully secure your network is to close
port 135/tcp (and, if possible, 135-139, 445 and 593), and
monitor TCP Port 444 and UDP Port 69 (tftp), which are also
utilized by this worm.

It is vital for the security of your personal network and the
MY ISP network as a whole that you take these actions. If we
receive complaints about your circuit that we determine are the
result of this worm, we will contact you again to assist you with
securing your machine. Further complaints may result in the
temporary suspension of your broadband service until you have had
time to remove the infection from your network. Please know that
we consider an interruption in your service only when it is
absolutely required to ensure both your security and the overall
security of our entire network.

We thank you for taking the time to address these Internet
security concerns,


Your ISPCrew



Hope it helps you.
 
I hear ya knockin butcha can't come in !!!
*BlackIce* :D

I couldn't say whether BlackIce is as good or better than anything else but this is what it's been stopping from entering my pc for the last coupla days.



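
An added example, not part of the original post: a summary of a firewall event export with the columns Time, Event, Intruder, Count, showing which probe type and which source networks account for the blocked traffic. The rows are constructed sample data and the function names are assumptions.

```python
import csv
from collections import Counter
from datetime import datetime

# Constructed sample rows in the "Time, Event, Intruder, Count" layout;
# hostnames use reserved example domains and documentation addresses.
SAMPLE = """\
Time, Event, Intruder, Count
08/13/03 01:30:26 AM, MSRPC TCP port probe, DESKTOP-A, 3
08/12/03 07:10:36 PM, MSRPC TCP port probe, host-1.dsl.example.net, 2
08/12/03 07:10:18 PM, MSRPC TCP port probe, host-2.dsl.example.net, 1
08/12/03 01:52:26 PM, UDP port probe, 192.0.2.61, 1
08/12/03 03:25:33 AM, HTTP port probe, DESKTOP-B, 9
08/12/03 03:24:55 AM, MSRPC TCP port probe, host-3.dial.example.com, 19
"""

def parse(text):
    """Yield (timestamp, event, intruder, count) from a firewall export."""
    rows = csv.reader(text.splitlines(), skipinitialspace=True)
    next(rows, None)  # skip the header line (tolerates empty input)
    for row in rows:
        if len(row) != 4:
            continue  # ignore blank, malformed or truncated lines
        when = datetime.strptime(row[0], "%m/%d/%y %I:%M:%S %p")
        yield when, row[1].strip(), row[2].strip(), int(row[3])

def source_network(intruder):
    """Group sources: /24 for IPv4, last two DNS labels, else 'netbios-name'."""
    parts = intruder.split(".")
    if len(parts) == 4 and all(p.isdigit() for p in parts):
        return ".".join(parts[:3]) + ".0/24"
    if len(parts) >= 2:
        return ".".join(parts[-2:]).lower()
    return "netbios-name"

def summarise(text):
    """Return (count per event type, MSRPC count per network, MSRPC share)."""
    by_event, by_net = Counter(), Counter()
    for _, event, intruder, count in parse(text):
        by_event[event] += count
        if event == "MSRPC TCP port probe":
            by_net[source_network(intruder)] += count
    total = sum(by_event.values())
    share = by_event["MSRPC TCP port probe"] / total if total else 0.0
    return by_event, by_net, share

if __name__ == "__main__":
    events, nets, share = summarise(SAMPLE)
    print(events.most_common(), nets.most_common(3), f"{share:.0%}")
```

A sudden jump in the MSRPC share, concentrated in a few provider networks, is the pattern to watch for during a worm outbreak on TCP port 135.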
 
Quote from plumlazy:

I hear ya knockin butcha can't come in !!!
*BlackIce* :D


I love BlackIce. :)

I heard that there is a version which performs a "ping of death" on intruding IPs. Do you know, or ever hear of such a thing?
 
Quote from RAMOUTAR:



I love BlackIce. :)

I heard that there is a version which performs a "ping of death" on intruding IPs. Do you know, or ever hear of such a thing?

I haven't heard of it, but my version is about a yr old.
However, this question comes to mind. Why would you ping an intruder and even let him know that you exist, when basically B-Ice has made it look as if you don't exist?

What I'm trying to say is, if he doesn't know that you're there, why tell him. (could he not trace your ping and establish that your ip address does indeed exist?) I'm not sure, I'm no techie, I have a pretty simple mind...so I don't know all of the ins and outs of this stuff, but if my firewall told him I wasn't even there, I don't think I'd ping him. I'd leave well enough alone. :)
 
Quote from plumlazy:




Oh ok, it's just you, yea I know you and btw I saw what you did when you thought no one was looking. :D

oh that, I do that also when everyone IS looking. :D
 