You probably have the msblast worm ( http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSB LAST.A )
-----Original Message----- From: David McRell [mailto:[EMAIL PROTECTED] Sent: Monday, August 11, 2003 8:20 PM To: SonicWall List Subject: Re: [SonicWALL]- Cache Full Oh, believe me, I did shut it down. Before I could, though, the workstation logged itself out due to something about RPC - I'll need to check the event log. My syslog file, starting at about noon (12:05), shows the 'cache full' message just prior to dozens and dozens of entries from the XP machine to foreign port 135s. Can I monitor (netstat) the established connections on my XPRS2? I know about the diag.html pages. John Tolmachoff MCSE CSSA said: > Shut that workstation off the network now. > > I most likely has some kind of Trojan or backdoor on it. >> Has anyone seen this, yet? >> >> 'The cache is full; 3072 open connections; some will be dropped' >> >> >> I guess I'm wondering about new exploits. A PC running XP Pro was >> generating lots of outgoing connections to port 135 when this >> happened. The destination addresses all resided within 93.130.0.0/16. -- DM --- [This E-mail scanned for viruses by Declude/F-Prot AV] ======================================================================== =========================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot AV] ==================================================================================================To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
