 |
|
|
 Welcome to the Virus.Org Mailing List Archive |
||
 |
||
|
||
|
RE: ISP reacts against Lovsan (alias: MSBlast, Poza, Blaster, W32/Msblast, Lovesun) WAS: RE: [Dshield] DCOM morning after [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> wrote on Wednesday, August 13, 2003 4:17 AM: on behalf of: Craig Shaw [EMAIL PROTECTED] Craig, Right you are. | -snip- | Still, if they were blocking internal traffic but leaving the outside | stuff still wide open, I would expect you to still see a lot of | traffic on your firewall. | -snip- 1) Traffic on firewall (during an eleven hrs period after ISP's "internal traffic" filtering applied) show: 120 hits targeted to port 135 (Service: RPC Remote Procedure Call, Transport: TCP (flags:S)). 11 hits targeted to port 445 (Service: MSFT DS, SMB Server Message Block, Transport: TCP (flags:S)). 6 hits targeted to port 139 (NETBIOS Session Service, Transport: TCP (flags:S)). 2) Not a single one hit attempt originates from other subscribers of this same ISP. (Number of subscribers several tens of thousands.) When ISP applies this kind of filtering, fellow [ISP] subscribers no longer reported to DShield in my logs. ;=) Thanks again Pete "Ask a question and you are a fool for one minute. Don't ask a question and you are a fool forever." Chinese Proverb.
|
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.