seems like one of ur boxes (192.168.254.52) is infected with a virus that scans NetBIOS ports (135) along the same subnet (worm activity) ...
best bet is to run antivirus on that machine (if it exists), if it doesnt + ur firewalls lets in 135 then its being used as a decoy. @ the height of the last MS worm i got 100's of these scans per day ... run snort if you want to detect stuff inside ur network ... www.snort.org / www.winsnort.com - jon ----- Original Message ----- From: "R K" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, October 25, 2003 8:02 PM Subject: [nycwireless] Fwd: failure delivery > Howdy, > > I'm seeing a lot of ugly log entries on my router. > It's connected to a static public IP and an internal > access point. > > Can anyone diagnose these? What's going on? The > router's address is 192.168.254.254. > > 2003/10/23 19:57:41 ** TCP SYN Flooding ** > <IP/TCP> > 192.168.254.52:3390 ->> 192.171.141.157:135 > 2003/10/23 19:57:42 ** TCP SYN Flooding ** > <IP/TCP> > 192.168.254.52:3455 ->> 192.171.141.223:135 > 2003/10/23 19:57:42 ** TCP SYN Flooding ** > <IP/TCP> > 192.168.254.52:3509 ->> 192.171.142.21:135 > 2003/10/23 19:57:43 ** TCP SYN Flooding ** > <IP/TCP> > 192.168.254.52:1561 ->> 192.168.245.120:135 > 2003/10/23 19:57:47 ** TCP SYN Flooding ** > <IP/TCP> > 192.168.254.52:3413 ->> 192.171.141.180:135 > 2003/10/23 19:57:48 ** TCP SYN Flooding ** > <IP/TCP> > 192.168.254.52:1498 ->> 192.168.245.57:135 > 2003/10/23 19:57:48 ** TCP SYN Flooding ** > <IP/TCP> > 192.168.254.52:3532 ->> 192.171.142.44:135 > 2003/10/23 19:57:49 ** TCP SYN Flooding ** > <IP/TCP> > 192.168.254.52:1572 ->> 192.168.245.131:135 > > Thanks > > > __________________________________ > Do you Yahoo!? > Exclusive Video Premiere - Britney Spears > http://launch.yahoo.com/promos/britneyspears/ > -- > NYCwireless - http://www.nycwireless.net/ > Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ > Archives: http://lists.nycwireless.net/pipermail/nycwireless/ > -- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/
