Message boards :
Number crunching :
Security Alert
Message board moderation
Author | Message |
---|---|
Ace Casino Send message Joined: 5 Feb 03 Posts: 285 Credit: 29,750,804 RAC: 15 |
I just got on my computer to see if Seti was back on-line. I went to the Seti home page, saw that it was, so decided to upload WU's and download some work. I than got a security alert from my Norton Anti Virus. This is what came up and what it said: Norton Internet Worm Protection has detected and blocked an intrusion attempt. Security rule: Default Block Orifice 2000 Trojan horse. Local address: 4.248.255.220 Remote address: 219.249.138.14 I was not on any other site but Seti. No e-mails. Just the homepage of seti and my account and tried to download and upload WU's. Could Seti be sending out a virus and not knowing it??? What is going on or what could have happened. I have never got this alert before! -Worried Seti guy- |
1mp0£173 Send message Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
<blockquote>I just got on my computer to see if Seti was back on-line. I went to the Seti home page, saw that it was, so decided to upload WU's and download some work. I than got a security alert from my Norton Anti Virus. This is what came up and what it said: Norton Internet Worm Protection has detected and blocked an intrusion attempt. Security rule: Default Block Orifice 2000 Trojan horse. Local address: 4.248.255.220 Remote address: 219.249.138.14 I was not on any other site but Seti. No e-mails. Just the homepage of seti and my account and tried to download and upload WU's. Could Seti be sending out a virus and not knowing it??? What is going on or what could have happened. I have never got this alert before! -Worried Seti guy- </blockquote> Both IP addresses appear to be DSL lines, and not part of either IP block at SETI. Most likely, it's something else -- if you use Internet Explorer, it could be a browser helper object that downloads worms (why I use FireFox). Or, it could be a random infected computer "out there" trying to connect to you at random. |
Steve Cressman Send message Joined: 6 Jun 02 Posts: 583 Credit: 65,644 RAC: 0 |
>Or, it could be a random infected computer "out there" trying to connect to you at random. I agree with you there. Port 445 and 139 are still being hammered on my firewall. Would ne nice if people would look after their systems better. But there are alot out there who can hardly find the on switch. So protect youself. 98SE XP2500+ @ 2.1 GHz Boinc v5.8.8 And God said"Let there be light."But then the program crashed because he was trying to access the 'light' property of a NULL universe pointer. |
slavko.sk Send message Joined: 27 Jun 00 Posts: 346 Credit: 417,028 RAC: 0 |
It is a internet "noise", I'm getting a log of them on mi FW. That's normal, people are hammering another computers and looking for victims. ALL GLORY TO THE HYPNOTOAD! Potrebujete pomoc? My Stats |
1mp0£173 Send message Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
<blockquote>>Or, it could be a random infected computer "out there" trying to connect to you at random. I agree with you there. Port 445 and 139 are still being hammered on my firewall. Would ne nice if people would look after their systems better. But there are alot out there who can hardly find the on switch. So protect youself. </blockquote> Actually it is a strong argument for egress filtering -- providers (especially large cable and DSL providers) should block outbound traffic on ports like 139, 445 and yes, even port 25. |
Ace Casino Send message Joined: 5 Feb 03 Posts: 285 Credit: 29,750,804 RAC: 15 |
This just really took me by surprise. In over a decade on the net I've NEVER been attacked by a WORM. My Anti-virus has only detected maybe 4 e-mail viruses in over 10 years also. My internet company just in the past year or so has installed filters. When I first hooked up with my IP there where only a 100-200 people signed up. Now, even a decade later there are only a 3,000 - 4,000. I'm just letting you know how small my provider is (and my community) and that it's not an AOL. I use Netscape and have for about 10 years now. I don't know much about Firefox but really like Netscape. I may not even know how to use IE (just kid'n). I don't have DSL and couldn't get it if i wanted to. Well, thanks for your help! Was just a little worried that the only place I had been was the Seti site and downloading Seti Wu's. "Randy" ~~~ |
1mp0£173 Send message Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
<blockquote>This just really took me by surprise. In over a decade on the net I've NEVER been attacked by a WORM. My Anti-virus has only detected maybe 4 e-mail viruses in over 10 years also. My internet company just in the past year or so has installed filters. When I first hooked up with my IP there where only a 100-200 people signed up. Now, even a decade later there are only a 3,000 - 4,000. I'm just letting you know how small my provider is (and my community) and that it's not an AOL.</blockquote> From where I'm sitting, I can't tell the difference betwen dialup, DSL, or Cable reliably -- it's an IP, and it's a good guess that it's part of a consumer block. My ISP is smaller, with the notable difference that I run my ISP. We aren't big in access, we do more hosting and development. I strongly suggest that you've been attacked tens of thousands of times and that those attacks simply weren't effective. There are too many worms like SQL Slammer that were able to infect 90% of the vulnerable hosts in the first 8 1/2 minutes, too many worms like NIMDA that should have been completely dead years ago but are still out "in the wild." |
Tigher Send message Joined: 18 Mar 04 Posts: 1547 Credit: 760,577 RAC: 0 |
<blockquote><blockquote>>Or, it could be a random infected computer "out there" trying to connect to you at random. I agree with you there. Port 445 and 139 are still being hammered on my firewall. Would ne nice if people would look after their systems better. But there are alot out there who can hardly find the on switch. So protect youself. </blockquote> Actually it is a strong argument for egress filtering -- providers (especially large cable and DSL providers) should block outbound traffic on ports like 139, 445 and yes, even port 25.</blockquote> Yes I agree. I block all netbios traffic in and out plus lots of other. hehe I actually found an attempt to use CUPS because I was advertising printer availability once LOL!. It pays to check out what is going out too. .....when one looks at the logs and think about what has been going on while sleeping one soon learns to tighten it all up. I do think the blocking should be user controlled though. I would not like to think ports on my server were not accessible because my ISP had blocked them.....if I read you right? Having a decent firewall helps a lot! What do folk here use? |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.