How is the worm able to hit my closed port?
How is the worm able to hit my closed port?
I have port 1434, but Snort is logging that a worm is hitting it from a Chinese computer: MS-SQL Worm propagation attempt 2008-05-03 21:02:13 59.53.50.35:3391 xx.xx.xx.xx:1434 UDP Also, I have that whole b block blocked, how are they able to send the worm still? # added 59.53.0.0/16 on 04/11/08 22:04:19 59.53.0.0/16 TIA! |
Quote:
|
Just means that the worm is attempting. Doen't mean it's being successful.
|
Quote:
|
Remember that computer crimes are almost-always crimes of opportunity. If you throw out a packet to a randomly-chosen IP address, it is quite disturbing how often you'll get a response from a Windows box that is perfectly willing to obey your every command with the full power and rights of an all-powerful Administrator. (Gliding past their so-called "anti-virus defenses" is just about as difficult as putting-on a Groucho Marx glasses-and-moustache "disguise.")
You can stop these opportunists dead-in-the-water with the simplest bit of security awareness, which is what literally tens of millions of computer users don't have. The attackers won't linger: there are far too many rich-pickings elsewhere. |
All times are GMT -5. The time now is 11:12 PM. |