I guess I'm pretty lucky because ZoneAlarm has only given me about 35 alerts today on attempts for port 80. The interesting thing is the ports they are coming from though. I think that the number port deals directly to how many times the machine has been infected and what thread is scanning you.

FWIN,2001/07/19,14:26:15 -4:00 GMT,64.34.49.117:39177,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,15:25:59 -4:00 GMT,148.202.102.7:1312,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,15:29:12 -4:00 GMT,207.193.68.34:2414,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,17:24:22 -4:00 GMT,169.207.32.178:1468,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,17:30:18 -4:00 GMT,172.152.200.119:3997,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,17:47:36 -4:00 GMT,64.30.0.244:4896,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,18:06:53 -4:00 GMT,208.27.168.17:2435,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,18:08:40 -4:00 GMT,64.209.28.21:50823,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,19:09:53 -4:00 GMT,200.54.190.233:2089,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,19:10:03 -4:00 GMT,141.222.1.32:2389,24.45.194.223:80,TCP (flags:S)

As you can see no repeat offenders. The scanning ports do look strange though. High ports mean high infection rate?

SamSpade

------------------
zebulunat_private
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 22:24:25 PDT
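
The repeat-source and source-port check described in the post above can be scripted. This is an added example, not part of the original message: it parses FWIN lines in the layout shown, using constructed sample lines with documentation-range addresses, and the function names and the 5000 cutoff (an assumed value near the top of the default ephemeral port range on older Windows hosts) are assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample lines in the same layout as the log in the post
# (documentation-range addresses, not hosts from the original message).
SAMPLE_LOG = """\
FWIN,2001/07/19,14:26:15 -4:00 GMT,192.0.2.10:39177,203.0.113.5:80,TCP (flags:S)
FWIN,2001/07/19,15:25:59 -4:00 GMT,198.51.100.7:1312,203.0.113.5:80,TCP (flags:S)
FWIN,2001/07/19,15:29:12 -4:00 GMT,192.0.2.10:39180,203.0.113.5:80,TCP (flags:S)
FWIN,2001/07/19,17:24:22 -4:00 GMT,198.51.100.99:1468,203.0.113.5:21,TCP (flags:S)
this line is malformed and should be skipped
"""

def parse_line(line):
    """Return a dict for one FWIN record, or None if the line does not fit."""
    parts = line.strip().split(",")
    if len(parts) != 6 or parts[0] != "FWIN":
        return None
    try:
        # Time field is "HH:MM:SS <offset> GMT"; only the clock part is parsed.
        clock = parts[2].split()[0]
        when = datetime.strptime(f"{parts[1]} {clock}", "%Y/%m/%d %H:%M:%S")
        src_ip, src_port = parts[3].rsplit(":", 1)
        dst_ip, dst_port = parts[4].rsplit(":", 1)
        return {"time": when, "src_ip": src_ip, "src_port": int(src_port),
                "dst_ip": dst_ip, "dst_port": int(dst_port), "proto": parts[5]}
    except (ValueError, IndexError):
        return None

def summarize(log_text, dst_port=80, high_port=5000):
    """Tally inbound SYNs to dst_port by source address and source port."""
    records = [r for r in map(parse_line, log_text.splitlines())
               if r and r["dst_port"] == dst_port and "(flags:S)" in r["proto"]]
    per_source = Counter(r["src_ip"] for r in records)
    ports = [r["src_port"] for r in records]
    return {
        "total": len(records),
        "unique_sources": len(per_source),
        # Sources seen more than once are the "repeat offenders".
        "repeat_sources": sorted(ip for ip, n in per_source.items() if n > 1),
        "src_port_range": (min(ports), max(ports)) if ports else None,
        # high_port is an assumed cutoff, not a value taken from the post.
        "high_src_ports": sum(p > high_port for p in ports),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
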