I think you'll find that this is coming from one of the worms that infects Microsoft SQL servers.
I've created a Block/nolog filter for a few things like this so I don't have thousands of alarm messages every day. Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Mason Landrum [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 19, 2003 9:50 AM > To: [EMAIL PROTECTED] > Subject: [gb-users] Port 445 microsoft-ds blocks > > > I'm sure that this has probably been asked before, but here it goes > again. > > I am receiving tons of port 445 microsoft-ds block messages > from the GB > like below: > > -------------------------------------------------------------- > ---------- > ----- > ALARM NO: 1 > DATE: Tue 2003-03-18 19:25:06 GMT > PRIORITY: 4 > INTERFACE: EXTERNAL (ep2) > INTERFACE TYPE: External > ALARM TYPE: Block > IP PACKET: TCP [61.53.7.11/3200]-->[xxx.xxx.xxx.xxx/445] l=0 > f=0x2 > [61.53.7.11/3200]-->[xxx.xxx.xxx.xxx/microsoft-ds] > > DETAILED DESCRIPTION: > IP packet was rejected by filter 30. > -------------------------------------------------------------- > ---------- > ----- > > Is this someone trying to exploit the denial of service issues that > exist with Windows 2000 or is it legitimate traffic in some way. > > Thanks in advance for your input! > > Sincerely, > Mason Landrum > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archive of the last 1000 messages: > http://www.mail-archive.com/[EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[EMAIL PROTECTED]
