Re: Vítěz soutěže blast znám

Darth Moula darth_moula na atlas.cz
Čtvrtek Únor 12 19:23:12 CET 2004 

V tom tvém výpisu mi nějak chybí volání RPC, co "chytil" můj log:
2x 192.168.155.22:2304 -> 192.168.145.130:135

K5

----- Original Message -----
From: "Cvrcci" <klfree na svrcek.cz>
To: "K5" <darth_moula na atlas.cz>
Sent: Thursday, February 12, 2004 7:06 PM
Subject: Re: Vítěz soutěže blast znám


> Tak asi toto, zrovna jsem si rikal, co to je, ze o viru na portu 445 nic
> nevim a vsechno to slo primo na me PC - ten blaster vzal vsechny me
> adresy postupne
>
> K8
>
>   11|02/12/2004 18:54:00  |192.168.155.22:2199   |192.168.145.130:445
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   12|02/12/2004 18:54:00  |192.168.155.22:2200   |192.168.145.130:139
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   13|02/12/2004 18:53:54  |192.168.155.22:2200   |192.168.145.130:139
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   14|02/12/2004 18:53:54  |192.168.155.22:2199   |192.168.145.130:445
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   15|02/12/2004 18:53:51  |192.168.155.22:2200   |192.168.145.130:139
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   16|02/12/2004 18:53:51  |192.168.155.22:2199   |192.168.145.130:445
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   40|02/12/2004 18:39:58  |192.168.155.22:2088   |192.168.145.130:445
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   41|02/12/2004 18:39:58  |192.168.155.22:2089   |192.168.145.130:139
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   42|02/12/2004 18:39:52  |192.168.155.22:2089   |192.168.145.130:139
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   43|02/12/2004 18:39:52  |192.168.155.22:2088   |192.168.145.130:445
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   44|02/12/2004 18:39:49 
1000
 |192.168.155.22:2089   |192.168.145.130:139
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   45|02/12/2004 18:39:49  |192.168.155.22:2089   |192.168.145.130:139
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   46|02/12/2004 18:39:49  |192.168.155.22:2089   |192.168.145.130:139
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>   47|02/12/2004 18:39:49  |192.168.155.22:2088   |192.168.145.130:445
> |ACCESS BLOCK
>      TCP packet filter matched (set: 0,rule: 0)
>
>
> K5 napsal(a):
>
> >>tak dalsi adept s blastrem ci necim podobnym, co se pokousi proniknout
> >>na portu 135, je na IP 192.168.157.151
> >
> >
> > zkusil jsem vcelku nevinné
> > pulist \\192.168.145.130
> > co na to tvůj firewall (krom toho, že to skrz sebe nepustil)?

Další informace o konferenci Kladno