Dr Nick

Hi Everybody!

No its not just paranoia.

Since about 10 pm last night my PC has been under attack approximately every 15 seconds from external sources trying to push me a trojan.

Is anyone else experiencing this? Check your logs people.

I have a firewall thats bang up to date and all the latest windows patches but it still disturbs me. So instead of leaving my adsl on all the time, this morning I set it to disconnect when idle.

A question for the experts: What is the point in continually attacking my computer with the same trojan over and over? Surely if it fails once an attacker would give up and try something else? Am I missing the point?

Cheers

Neil Smalley

It's probably an automated attack from the MSBLAST worm. So i suspect it'll still happen until the machine that's trying to infect you is cleaned.

Dr Nick

I thought that might be the case.

However, the attack is coming from a never ending stream of different IP addresses - according to my logs.

Could this still be one machine doing it?

Is it possible to fake IP addresses?

chiark

Yup, it's random. If it's all on port 135 is blaster.

Don't worry about it.

Dr Nick

How do you tell which port it is?

Is that the number after the colon like:

123.321.123.321:135

Dream Weaver

Yep

Figment

How do I block specific ports? I have a Netgear router and can see where to set port forwarding, but not port blocking? Advice please?

douglasb

I've had the same symptoms of loads of Trojan attacks from different IP addresses starting about 22.30 yesterday. However, they seem to be on port 27374. Is this the same thing?

Doug

chiark

If you're worried, use an intrusion detection system to analyse your logs...

Blocking ports depends on the router, but it should be possible.

Nick.

beemerboy

a quick measure for a home pc would be something like tiny personal firewall.
thats what i'm using (software based) and touch wood, seems to be fending off the nasties.....

good luck

BB

Chris L

Dr Nick

Have you been picking up these attacks on the firewall logs? If so, then it sounds like it is doing its job. Download the patch from the Microsoft website (if you haven't already done so) and you should be OK.

Chris

ianmiller999

Just a small question I am guessing even if you do have the patch the virus will still try to get past a firewall but it can do no damage????

gregh

I don't seem to be getting any attacks in my firewall, despite the PC being on ADSL for 48hrs+

maybe my router is blocking it



Greg

JackClark

Does your Router have log files, if so take a look at the incomming traffic. Don't want you to feel left out

Dr Nick

In reply to Chirs,

I got my info from the log files and AFAIK all software is bang up to date so I think I am safe..... for now.

However, as others have also now mentioned. What is the effect, if any, of this constant bombardment on my PC? if you know....

Cheers!

And thanks for all the other comments from others too...glad to know I'm not alone here.

gregh

log files turned off on the router, the supplier forums says:

If it is in NAT mode then you will be fine.

Which I am, hence no issues for me!

Greg