Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
do these egist? iv got this log in my router that has these couple ips that are trying to connect to *my ip*:135. is there a way i could like... get these guys to stop and cut their internet service for port scanning?
Page 1 of 1
Internet Scanners
for port 135
Rate Topic:
#1
- iPod therefore iHappy
-
- Group: Members
- Posts: 979
- Joined: 13-August 03
Posted 25 March 2005 - 09:54 PM
Back to top
#2
- SEARCH!!! SEARCH!!!
-
- Group: Super Moderator
- Posts: 7,019
- Joined: 02-September 02
- OS:Windows 7 x64
-
Country:
Posted 26 March 2005 - 10:53 AM
sven, I don't think its a scanner... Its probably a worm that's trying to get through...
Remember the Blaster worm?? That ran an exploit on port 135 and a few thousand computers in the world probably still have it...
Remember the Blaster worm?? That ran an exploit on port 135 and a few thousand computers in the world probably still have it...
Quote
W32.Blaster.C.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm targets only Windows 2000 and Windows XP machines. While Windows NT and Windows 2003 Server machines are vulnerable to the aforementioned exploit if it is not properly patched, the worm is not coded to replicate to those systems.
#3
- iPod therefore iHappy
-
- Group: Members
- Posts: 979
- Joined: 13-August 03
Posted 26 March 2005 - 08:30 PM
possibly... its some random port number (1111, and others) then to my 135. so its possible.
#4
- Senior Member
-
- Group: Members
- Posts: 698
- Joined: 19-May 04
Posted 02 April 2005 - 12:33 AM
You could add a rule to your firewall or IDS system that basically drops all packet traffic from the offending IP's to your network.
Since it could be a worm trying to attack your network, perimeter antivirus scanning of some sort might be in order as well.
Since it could be a worm trying to attack your network, perimeter antivirus scanning of some sort might be in order as well.
#5
- Advanced Member
-
- Group: Members
- Posts: 316
- Joined: 13-January 05
Posted 03 April 2005 - 04:13 PM
Log there connection attempts and attain info on the subnet. Contact the owner of that particular subnet and let them know what is going on. I would not suggest contacting them unless you have an abundent amount of logs on this connection attempt.
*STATIC-IP*:135, you can assume it is a business account, unless this person is smart and using it as a mask.
*DHCP-IP*:135, just as long as you have the port address listed and IP's, ISP's can look up logs of users whom had a specified IP assigned to them at a given time frame. All this info on the IP and company is easily obtained in the ARIN DB.
If these attacks happen frequently at the same time and same amount of times I would consider it would be some sort of worm on the net.
If attacks seem to be random it's some pathetic kid playing on the net and can get into trouble.
Both cases you can get there services suspended, if they are infected with a virus or worm that is infecting the net in some way the ISP reserves every right to suspend there services until appropriate measures are taken. But if some hyjinked kid is playing with port scanners or attempting to connect to an unauthorized remote machine repeatedly, they can get there services suspended and much worse.
*STATIC-IP*:135, you can assume it is a business account, unless this person is smart and using it as a mask.
*DHCP-IP*:135, just as long as you have the port address listed and IP's, ISP's can look up logs of users whom had a specified IP assigned to them at a given time frame. All this info on the IP and company is easily obtained in the ARIN DB.
If these attacks happen frequently at the same time and same amount of times I would consider it would be some sort of worm on the net.
If attacks seem to be random it's some pathetic kid playing on the net and can get into trouble.
Both cases you can get there services suspended, if they are infected with a virus or worm that is infecting the net in some way the ISP reserves every right to suspend there services until appropriate measures are taken. But if some hyjinked kid is playing with port scanners or attempting to connect to an unauthorized remote machine repeatedly, they can get there services suspended and much worse.
#6
- iPod therefore iHappy
-
- Group: Members
- Posts: 979
- Joined: 13-August 03
Posted 03 April 2005 - 08:08 PM
hum, most of teh time its a continuous ammount from a single ip for a little while. meh, its just annoying. i forwarded the port into cyberspace so it will never touch my pcs
Share this topic:
Page 1 of 1