Hi there. At the end of last week I was having problems with my laptop. Half the time it would freeze when booting whilst at one point I was seeing some odd process activity. At 24 second intervals I would see a burst of activity (~70% CPU utilisation) and the computer would lock at the same time. I have just checked the firewall log of my desktop to see something I wasn't expecting. First off there are loads of blocked entries blocked for ip protocol 60. I then saw a scrambled portscan of ports 50000-50099. By scrambled I mean out no discernable order (then again number patterns was my worst area of maths). Each scan is three packets to the port and some ports were repeated. Last week I hadn't noticed the unusual log entries. As it coincided with me putting Service Pack 3 on my machine (Win2K) I assumed that was the cause so I wiped the root partition and reinstalled. I do have another partition on the drive Does this pattern look familiar to anyone? I did run a viruscan on the machine prior to reinstalling (McAfee 5.21.1000, Engine 4.1.60, Dats 4.04.4217) which found nothing and I was running a firewall (Kerio). I'd also made sure to kill and disable every service that wasn't explicitly needed which is basically everything except what is needed for the operating system to run. Has anyone got any tips on what I should look for on the other partition incase anything was left there? Cheers, Colin. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 12 2002 - 09:05:14 PDT