port 80 and sunrpc (111)

From: Robert (webmasterat_private)
Date: Tue Aug 07 2001 - 19:04:45 PDT


    Hello everyone:
    
    We are not really adding to the thread here (so I hope we don't get 
    flamed). It is simply that there is no other group we trust for *solid* 
    information on topics dealing with security issues.
    
    Since about a week after this CodeRed thing started, every time our mail 
    client checks our email accounts, our firewall now tells us "A remote 
    system is attempting access", gives the IP address (not usually the same) 
    of the remote system, etc., and tells us that some are attempting to 
    connect to us through port 80 while others seem to be trying "sunrpc" on 
    port 111 (of course we deny the access). In the log we see that it is 
    "Inbound TCP connection".
    
    It comes almost always just after checking the mail. No matter what time 
    interval we have set for the mail check. I thought maybe it was my 
    imagination at first, so I basically ignored it.
    
    We are connected to an ISP whereby we can usually just sign back on and that 
    changes the IP address and all is fine, we go on with our work as usual.
    
    But it seems as time has progressed after "CodeRed" came out, that we are 
    finding fewer and fewer IP addresses where we are left alone. It really 
    isn't a major problem (since we have a firewall from one of the best 
    companies in the business) we are really in no danger. It is more like a 
    mosquito (pesky until swatted). Sometimes, however, it seems to actually 
    cause our system to crash and restart itself.
    
    We wanted to know if anyone has any ideas how we can stop this annoyance 
    altogether?
    
    Thanks,
    Robert
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


