ntop --disable-instantsessionpurge -c -g -o -u root -i eth0 -B "tcp port 135" -m xx.xxx.xxx.xxx/xx"
xxx.xxx.xxx.xxx is your local subnet with /xx subnetmask.
Place the ntop probe right behind the firewall and you will be able to identify machines trying to scan outside and have the blaster.exe virus
