Olympus-OM

Re: [OM] OT: New Internet Threat???

Subject: Re: [OM] OT: New Internet Threat???
From: Wayne Shumaker <om3ti@xxxxxxxx>
Date: Fri, 01 Mar 2019 06:04:16 -0700

Just an update, suggesting you check out possible malware...

Of course, China or Russia or malware may be trying to exploit microsoft-ds. 
How are you viewing these connections? Process Hacker? If you don't have 
Process Hacker, get it and look at your network connections. (although some 
malware can mask itself from even that.)

I don't see a lot of such connections. Samba, on Linux recently, had a 
vulnerability fix, but I assume you are not using Linux. I can see how an 
infected computer would attempt to try to propagate using that service, so I 
suggest you look into it.

(digression) Anytime I suspect my computer is amuck, I re-install Windows on a 
new drive. I have never been successful with malware removal tools. At least 
now, if you re-install Windows on a previously activated machine, it will 
automatically activate. As I have described before, somewhere in control panel 
for power, "Define power buttons and ..." and uncheck "Turn on fast startup 
(recommended)." Disabling fast startup allows the Windows drive to be mounted 
in another machine (or same machine) or Linux machine so you can copy files to 
the new Windows install. (end digression)

Weed W,hacker Wayne

At 2/28/2019 06:44 PM, you wrote:
>microsoft directory services. https://www.grc.com/port_445.htm
>
>WayneS
>
>At 2/28/2019 01:17 PM, you wrote:
>>     For the past couple of weeks or so I've noticed a large number of 
>> connections to "microsoft-ds".  I just looked into this, and I should 
>> probably pay closer attention to these instances.  The IP addresses are all 
>> over the map, so it's difficult to set up something in the firewall.
>>
>>     Anyone else seeing this?
>>
>>Chris
>>
>>When the going gets weird, the weird turn pro 
>>     - Hunter S. Thompson
>>-- 
>>_________________________________________________________________
>>Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>>Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>>Themed Olympus Photo Exhibition: http://www.tope.nl/
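
The check suggested in this message (look at the machine's own microsoft-ds connections and see which process owns them), as an added PowerShell example that is not part of the original posts. It separates inbound connections to local port 445 from outbound connections to remote port 445, the pattern an infected host would produce when trying to propagate; the threshold value is an assumption to tune.

```powershell
# Added example: triage TCP connections involving microsoft-ds (port 445).
# Needs Windows 8 / Server 2012 or later (Get-NetTCPConnection); run elevated
# so every owning process can be resolved.
$Port            = 445
$FanOutThreshold = 10   # assumption: distinct remote hosts before flagging

$rows = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.State -ne 'Listen' -and
                   ($_.LocalPort -eq $Port -or $_.RemotePort -eq $Port) } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            # LocalPort 445:  a remote host reached this machine's SMB service.
            # RemotePort 445: this machine opened a connection to another host's SMB.
            Direction = if ($_.LocalPort -eq $Port) { 'Inbound' } else { 'Outbound' }
            Remote    = $_.RemoteAddress
            State     = $_.State
            PID       = $_.OwningProcess
            Process   = if ($proc) { $proc.ProcessName } else { '<unknown>' }
        }
    }

# Full listing: inbound rows from many unrelated addresses mean port 445 is
# reachable from outside and should be closed at the router or firewall.
$rows | Sort-Object Direction, Remote | Format-Table -AutoSize

# Outbound fan-out per process. Windows' own SMB client and server run in the
# kernel and typically show as PID 4 (System); a user-mode process contacting
# many different hosts on 445 deserves a closer look.
$rows | Where-Object Direction -eq 'Outbound' |
    Group-Object PID |
    ForEach-Object {
        $distinct = @($_.Group.Remote | Sort-Object -Unique).Count
        [pscustomobject]@{
            Process         = $_.Group[0].Process
            PID             = $_.Group[0].PID
            DistinctRemotes = $distinct
            Review          = $distinct -ge $FanOutThreshold
        }
    } | Sort-Object DistinctRemotes -Descending | Format-Table -AutoSize
```

The listing is a snapshot, so short-lived connections can be missed between runs.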
