Marc,

Why don't you block 445 on the firewall (outbound) and look at the logs to see where they are coming from?

Darrell
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

Marc Catuogno writes:

I had my ISP (dsl.net) call and tell me that there was virus activity on our
circuit, namely port scans on 445 (maybe Sasser?).  I have asked all my
agents to run the removal tool and do Windows Update.  I have run Ethereal
but it didn't seem to catch it.  I can't isolate the packets on my HP
Procurve switch... Anyone have any suggestions short of unplugging one Cat5 cable at a time?

Marc
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
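
Added example, not part of the original thread: one way to read the firewall log after blocking outbound 445, ranking internal hosts by how many distinct destinations they tried on TCP 445. The iptables-style log format, the regex and the sample lines are assumptions constructed for illustration; adapt the pattern to whatever the firewall actually writes.

```python
import re
from collections import defaultdict

# Constructed sample lines in an iptables LOG style (assumed format).
SAMPLE_LOG = """\
May  5 10:01:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=1034 DPT=445
May  5 10:01:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.6 PROTO=TCP SPT=1035 DPT=445
May  5 10:01:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.7 PROTO=TCP SPT=1036 DPT=445
May  5 10:01:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.8 PROTO=TCP SPT=1037 DPT=445
May  5 10:01:09 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=1038 DPT=445
May  5 10:02:11 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.9 PROTO=TCP SPT=2200 DPT=445
May  5 10:02:15 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=198.51.100.20 PROTO=TCP SPT=2301 DPT=80
May  5 10:02:19 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=UDP SPT=1040 DPT=445
"""

# Only TCP lines match; other protocols are skipped by the pattern itself.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?PROTO=TCP\b.*?DPT=(?P<dpt>\d+)"
)


def rank_sources(log_text, port=445):
    """Return [(src, attempts, distinct_destinations)] for blocked TCP
    connections to `port`, widest fan-out first."""
    attempts = defaultdict(int)
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m.group("dpt")) != port:
            continue
        attempts[m.group("src")] += 1
        targets[m.group("src")].add(m.group("dst"))
    rows = [(src, attempts[src], len(targets[src])) for src in attempts]
    # A scanning host stands out by many distinct destinations, so sort on
    # that first, then on raw attempt count, then on address for stability.
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))


if __name__ == "__main__":
    for src, n, fanout in rank_sources(SAMPLE_LOG):
        print(f"{src:15}  attempts={n:<4} distinct_destinations={fanout}")
```

A host near the top with many distinct destinations is the one to pull off the network first; a host with a single destination may just be a mapped drive.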