Moshe Aelion said: > Hi everybody > > discovered within about 10 minutes. I then installed ZoneAlarm Pro. Did you have a firewall before? Now that you have one you'll see how much 137/udp traffic you get, it's a lot. > > inspecting ZA logs, you can see a blocked scan (coming every couple of > minutes, from arbitrary addresses - I bet they're spoofed - and soon > after, the computer responds with a (blocked) attempt to communicated > with that address. This points to an active bot (in my opinion) I don't see where "...the computer immediately tries to respond" All the incoming attempts are NetBios 137/udp and the RuLaunch is HTTP (80/tcp) and not to the same IP. >8 ACCESS,22:01:52,RuLaunch blocked from connecting to Internet >(216.49.88.100:HTTP) As far as the program being blocked, a google search for "RuLaunch" shows that it is Macafee, your antivirus software. It's probably checking for updates/registration. Jon ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Nov 17 2002 - 23:27:20 PST