PC Pals Forum

Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: TR on August 18, 2003, 21:24

Title: Zone Alarm
Post by: TR on August 18, 2003, 21:24

Last night I checked the number of times my ZA has clocked up intrusions.. it stood at 10539
and tonight it is now 10991 and rising wrapidly.. is this the MSblaster doing the rounds  :'(

Hookstar

Title: Re:Zone Alarm
Post by: Adept on August 18, 2003, 21:32

Probably, Hookstar. I've had 270 tonight :(

Have a look at ZA's log file. Anything attacking your port 135 is probably MSBlast.

Most of the post 135 probes I'm getting are from other Demon Internet hosts. Demon's Abuse Department is going to be busy this month ;)

Title: Re:Zone Alarm
Post by: Adept on August 18, 2003, 21:34

By the way, how long have you had that version of ZA?

The log file is normally cleared when ZA is upgraded. 10000 seem like a lot of items to have in the log :o

The latest version of ZA Free is 3.7.202 AFAIK.

Title: Re:Zone Alarm
Post by: TR on August 18, 2003, 21:40

Yep.. thats the one I have 3.7.202..

the fig has now gone to 11009

30/07/03 registered


Hookstar

Title: Re:Zone Alarm
Post by: Adept on August 18, 2003, 21:42

Quote from: Hookstar on August 18, 2003, 21:40

the fig has now gone to 11009

Bloody Hell!

Aren't you glad you have a firewall? ;)

Title: Re:Zone Alarm
Post by: TR on August 18, 2003, 21:48

Sure is (https://www.pc-pals.com/smf/proxy.php?request=http%3A%2F%2Fwww.anchoredbygrace.com%2Fsmileys%2Fmgdetectvie.gif&hash=0e4b19744efdb699798df0300fdd6bf9c5bc80af)

11021 now

Title: Re:Zone Alarm
Post by: Camstop on August 18, 2003, 21:52

I aint had any... ???

But i know Nortons updated when i logged on tonight... ::)

Title: Re:Zone Alarm
Post by: TR on August 18, 2003, 21:57

11038 now :(


B*llox.. Im getting paranoid  ;D.. not going to look anymore  8)

Title: Re:Zone Alarm
Post by: Adept on August 18, 2003, 21:58

What ISP are you on Hookstar? :o

Title: Re:Zone Alarm
Post by: TR on August 18, 2003, 22:00

V21..  ;D.. damn I looked..11048 now

Title: Re:Zone Alarm
Post by: TR on August 18, 2003, 22:29

Adept.. should I contact V21 and ask whats going on .. have attached another pic showing log this time.

Now at 11068.. nearly 400 this session

Title: Re:Zone Alarm
Post by: Adept on August 18, 2003, 22:33

Are they all from the same address Hookstar? It looks like someone is PINGing your address. It has nothing to do with MSBlast.

Title: Re:Zone Alarm
Post by: TR on August 18, 2003, 22:43

Looks all different .. I will have a rummage about in the log text and see what I can come up with  :-\.

Cheers anyway  (https://www.pc-pals.com/smf/proxy.php?request=http%3A%2F%2Fwww.anchoredbygrace.com%2Fsmileys%2Fides_lol_large.gif&hash=b033e7c27727990127a28d62c8454e4d3388acaf)

Title: Re:Zone Alarm
Post by: Adept on August 18, 2003, 22:46

I've just doen some "further reading" ::) and it looks like it could be the MSBlast worm looking for hosts to exploit.

Sorry to mislead you :(

Either way, ZA is blocking it - so don't worry, unless you notice a signigficant drop in bandwidth :o

Title: Re:Zone Alarm
Post by: Simon on August 19, 2003, 00:07

I've only had three or four attempted intrusion alerts over the past couple of days, and thankfully have not been 'blasted'.  I have Sygate Pro and Norton AV Pro, which I have been updating daily since the Blaster scare.  I also downloaded the MS patch, so hopefully I should be well protected.

Title: Re:Zone Alarm
Post by: Robotochan on August 19, 2003, 09:45

I don't know how many but for 2 days running (Outpost clears after a while) I have a massive list of MSBLAST.EXE even after I'd fixed the patch, not any more  ;D