The Jedi Academy. THE Place for Jedi training.


Zone Alarm Going Crazy
Oct 19 2003 11:10pm

n00b
 - Student
I just checked my Zone Alarm log and it had grown to 300 megs overnight. Apparently, hundreds of computers have been pinging this machine for some reason. I had to turn off the log, needless to say. You may want to double-check your firewall status to see if this is happening to you as well. I couldn't find any info about what is causing it, i.e. virus, trojan, whatever... Anyone know what's going on?
_______________
Gone but hopefully not forgotten...

Comments
Oct 22 2003 01:21pm

Havvk
 - Ex-Student

Just close it down, those pop-up thingies really piss me off while I'm in duels...
_______________
~~~knows secretly that furious sUx0rs~~~
|Defender of Ulthuan|Master of the deagle|Saber staff king|Master of spam|
~~~ You have to be bad to be evil but you have to be evil to be bad! ~~~
~~~ Will always remember c_M@D as a leader and as a brother -_- ~~~


Oct 21 2003 01:11am

n00b
 - Student

Bandit, it's got to be the Nachi worm still lingering on the network. If you all remember the dang Blaster worm, Nachi is a clone of it that attempts to patch your computer to stop Blaster. Obviously, it's more of a nuisance than a help. One would think RR would be more worried about it and inform their customers somehow.
_______________
Gone but hopefully not forgotten...

Oct 20 2003 02:52pm

D@RtHM@UL
 - Student

Bandit, don't call ppl n00b :P

Oct 20 2003 01:46pm

Bandit
 - Student

nOOb- my computer is hooked up to RR and I've been getting ICMP pinged like crazy. I've got McAfee set up to block them... but I've been getting hits every 10 to 20 seconds it seems...
In fact, I just checked my log and I've had 22 hits in the last three minutes, which is one every 9 seconds or so.

_______________
Part-Time Player (Weekend Warrior).
Recipient of the prestigious "Longest-Post-Ever Award" (bestowed on me by Flash on March 23rd, 2004)


Oct 20 2003 11:04am

Colbey
 - Ex-Student

Hehe. As to the question about why people haven't patched their shit yet:

There is the first rule of the sysadmin to fall back on.
People are stupid.

One thing you can do, if you have a good log of originating IPs and times, is get those to the ISP that owns the IP address. They can usually find abusers/attackers and handle it accordingly, or contact customers with possibly infected machines.
_______________
Those that did not kill me, are dead.
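
Added example, not part of the original thread or any poster's code: a Python sketch that builds the per-source log of IPs and times Colbey describes, and also answers DJ Sith's triage questions (protocol mix, one source or many, common destination port). The comma-separated log layout, the field positions and every log line are constructed assumptions; adapt the parser to the real firewall log.

```python
import csv
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines; assumed layout: event,date,time+zone,src:port,dst:port,protocol
SAMPLE_LOG = """\
FWIN,2003/10/20,04:08:01 -4:00 GMT,198.51.100.7:0,192.0.2.10:0,ICMP (type:8/subtype:0)
FWIN,2003/10/20,04:08:10 -4:00 GMT,203.0.113.21:0,192.0.2.10:0,ICMP (type:8/subtype:0)
FWIN,2003/10/20,04:08:19 -4:00 GMT,198.51.100.7:0,192.0.2.10:0,ICMP (type:8/subtype:0)
FWIN,2003/10/20,04:08:28 -4:00 GMT,203.0.113.99:4312,192.0.2.10:135,TCP (flags:S)
FWIN,2003/10/20,04:08:30
FWIN,2003/10/20,04:08:37 -4:00 GMT,198.51.100.200:0,192.0.2.10:0,ICMP (type:8/subtype:0)
"""

def parse(text):
    """Yield (time, source IP, destination port, protocol, zone) per blocked inbound packet."""
    for row in csv.reader(text.splitlines()):
        if len(row) < 6 or row[0] != "FWIN":
            continue  # truncated line or not an inbound firewall event
        try:
            clock, _, zone = row[2].partition(" ")
            when = datetime.strptime(f"{row[1]} {clock}", "%Y/%m/%d %H:%M:%S")
            src_ip = row[3].rsplit(":", 1)[0]
            dst_port = int(row[4].rsplit(":", 1)[1])
            proto = row[5].split()[0]
        except (ValueError, IndexError):
            continue  # malformed fields: skip rather than guess
        yield when, src_ip, dst_port, proto, zone

def summarize(text):
    events = sorted(parse(text))  # chronological order
    by_src = defaultdict(list)
    for when, src, _port, _proto, zone in events:
        by_src[src].append((when, zone))
    gaps = len(events) - 1
    return {
        "protocols": Counter(e[3] for e in events),  # all ICMP, or a mix?
        "dst_ports": Counter(e[2] for e in events if e[3] in ("TCP", "UDP")),
        "sources": {s: (t[0][0], t[-1][0], len(t), t[0][1]) for s, t in by_src.items()},
        "mean_gap_s": (events[-1][0] - events[0][0]).total_seconds() / gaps if gaps > 0 else None,
    }

def abuse_report(text):
    """One line per source, busiest first, with first/last seen and the log's time zone."""
    rows = sorted(summarize(text)["sources"].items(), key=lambda kv: -kv[1][2])
    return [f"{ip} hits={n} first={a.isoformat()} last={b.isoformat()} tz={z}" for ip, (a, b, n, z) in rows]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG)["protocols"], *abuse_report(SAMPLE_LOG), sep="\n")
```

The time zone is carried through as text because an ISP abuse desk needs it to match the timestamps against its own address-assignment records.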

Oct 20 2003 04:20am

DJ Sith
 - Jedi Council

A lot of that is script kiddies looking for live machines. Get your fancy Zone Alarm to block ICMP. :)
_______________
My car is made of Nerf.

Oct 20 2003 04:08am

n00b
 - Student

They're all ICMP pings coming from machines all over Road Runner. It's not restricted to just my domain, it's coming from Road Runner domains everywhere.

It's not stopping either, every couple seconds or so this machine gets pinged. Could this be Nachi worm? God, if it is, why haven't people patched their crap yet?
_______________
Gone but hopefully not forgotten...

This comment was edited by n00b on Oct 20 2003 04:10am.

Oct 20 2003 12:40am

DJ Sith
 - Jedi Council

Are they all ICMP pings? TCP fragments? SYNs? All from the same IP, from many IPs? If it's TCP or UDP is there a common destination port?
_______________
My car is made of Nerf.
