
Re: traffic leaking out on PPP connection



On Thu, Nov 25, 2004 at 07:46:30PM -0500, Peter Matulis wrote:
>  --- "Ilya A. Kovalenko" <[email protected]> wrote: 
> > These hosts, probably, infected w/ "Lovesan" (aka "MS-blast") virus. It
> > scans networks for vulnerable Windows boxes to infect.
> > 
> > but you, should see it as incoming requests, then, your host replies.
> 
> I do get, like everyone else, incoming requests due to the reason you give but this is the only
> port my firewall is responding to and I have no idea why except the hypothesis that it is due
> to some PPP tunneling being done by my ISP.

Have you blocked udp in addition to tcp?
If so, what you are seeing is not 'replies' but virus/worm activity from
*within* your internal network, scanning hosts outside.

> Furthermore, I went to the Shields Up! site at https://grc.com/x/ne.dll?bh0bkyd2 and it scanned
> my IP and did not report *any* ports open.  This is what I should expect.

Well, without going into another grc debate, you should know that
such port scanning over the internet can be quite unreliable.
Furthermore, they may not be scanning for 135/udp, or the
netbios ports might be blocked somewhere else along the way.

The best way to go is to start from a default deny policy, and
open only what you require.
Can