[CS-FSLUG] Networking details #3 -- partly working

Ed Hurst ehurst at asisaid.com
Wed Dec 8 16:34:32 CST 2004


Frank Bax wrote:

>>The curious thing is something I've never seen: logging of connections
>>denied using what looks like my dynamically assigned IP from the ISP.
>>That is, something between these two machines is attempting to connect
>>to port 80 on other machines, but looks to be using my temporary IP via
>>the ethernet interface. That's a whole 'nother mess to look at.
> 
> There are some viruses that attempt to spread this way. They are trying to 
> exploit vulnerabilities in IIS using random IP addresses.

That's what I think it may be. I've disconnected her machine and will be
running all the scans, etc. I didn't see the earmarks of Welchia in the
Registry, but that's just the most obvious one.

-- 
Ed Hurst
-----------
A Bible Site -- http://webs.tconline.net/softedges/
Linux & Unix Help -- http://ed.asisaid.com/
Blog -- http://ed.asisaid.com/blog/
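
Added example, not part of the original message and not code from either poster: a small check for the pattern discussed above, one source making logged TCP port 80 attempts to many different hosts. It assumes netfilter LOG-style fields (SRC=, DST=, PROTO=, DPT=), which the post does not show; the log lines, addresses and the min_targets threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log layout: netfilter LOG-style KEY=value fields. The post does not
# show its firewall's log format, so adjust the field names to the real one.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def port80_fanout(lines, min_targets=4):
    """Return {src: sorted distinct dsts} for sources whose logged TCP SYNs
    to port 80 reached at least min_targets different hosts."""
    targets = defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST"} <= f.keys():
            continue  # not a packet log line we understand
        is_syn = "SYN" in line.split()
        if f.get("PROTO") == "TCP" and f.get("DPT") == "80" and is_syn:
            targets[f["SRC"]].add(f["DST"])
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}

# Constructed sample input (documentation address ranges, not from the post).
_DSTS = ["198.51.100.14", "203.0.113.77", "192.0.2.201",
         "198.51.100.9", "203.0.113.5"]
SAMPLE = [
    f"Dec  8 16:0{i}:11 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.0.12 DST={d} "
    f"LEN=48 PROTO=TCP SPT={1030 + i} DPT=80 SYN URGP=0"
    for i, d in enumerate(_DSTS)
]
SAMPLE += [
    # Ordinary browsing: repeated connections to a single web server.
    "Dec  8 16:07:40 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.0.10 "
    "DST=198.51.100.14 LEN=60 PROTO=TCP SPT=40112 DPT=80 SYN URGP=0",
    "Dec  8 16:07:41 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.0.10 "
    "DST=198.51.100.14 LEN=60 PROTO=TCP SPT=40113 DPT=80 SYN URGP=0",
    # Unrelated traffic from the noisy host; must not count toward port 80.
    "Dec  8 16:08:02 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.0.12 "
    "DST=192.0.2.53 LEN=70 PROTO=UDP SPT=1040 DPT=53",
]

if __name__ == "__main__":
    for src, dsts in port80_fanout(SAMPLE).items():
        print(f"{src}: port 80 attempts to {len(dsts)} distinct hosts")
```

Counting distinct destinations rather than raw attempts keeps a browser hammering one site from being flagged alongside a host probing many addresses.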



