Olympus-OM

Re: [OM] OT: New Internet Threat???

Subject: Re: [OM] OT: New Internet Threat???
From: Wayne Shumaker <om3ti@xxxxxxxx>
Date: Sat, 02 Mar 2019 07:24:58 -0700
(On Router) Port 445 should not be open for incoming connections, hence only 
connections going out will be on that port. (unless your router/modem is 
compromised.) Blocking outgoing connections on that port would be a good thing 
to do. --- Assuming you are doing the blocking on the router/modem. On Windoes 
firewall that is good.

There were recently some patches to Samba, so anytime a vulnerability is 
patched, hackers go to town looking for unpatched systems. Samba provides SMB 
filesharing in Linux, and SMB (windoes filesharing) is a prime target for 
malware. Once a system is infected it will often use SMB to try and spread to 
other computers on the network.

<rant> I'm super paranoid when it comes to malware. Today's malware tries to be 
very stealthy. If I found what you found going on, I would completely 
re-install Windoze on a fresh disk. Of the few times my computers got infected, 
there was no anti-virus, anti-malware tool that would find it and remove it. I 
even went as far as mounting the windoes drive on Linux and looking through the 
registry hives. Blocking port 445 is a good start, but only a bandaid. What is 
initiating that connection in the first place? It means your computer (or 
router) is most likely compromised - my opinion. Go to bleepingcomputer.com and 
search "port 445". Personally though, I'm a programmer and security issues are 
a hobby, so I would waste time pursuing it, but for the non-hacker, you can 
waste a lot of time trying to fix it. Hence just reinstall windows and have 
peace of mind. Better to prevent the disease than try to cure it. And if you 
have an older router/modem, I would replace it. Or at least re-flash the 
firmware in it.</rant>

Paranoid WayneSHacker2


At 3/1/2019 07:02 PM, you wrote:
>     Is it possible that they are initiated by way of the bogus connection to 
> port 445?  I didn't see any more microsoft-ds connections after I blocked 
> access to that.
>
>>
>>You should not be getting connections unless you are compromised. 
>>Unless you mean hits on the firewall.
>>
>>>
>>>     Never mind Russia and/or China.  I just had a burst of almost 20 
>>>connections to the IP address 78.38.93.8, which turns out to be from 
>>>Iran.
>>>
>>
>
>Chris
>
>When the going gets weird, the weird turn pro 
>     - Hunter S. Thompson
>-- 
>_________________________________________________________________
>Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>Themed Olympus Photo Exhibition: http://www.tope.nl/
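
One way to answer the question raised in the message above ("What is initiating that connection in the first place?"), as an added example that is not part of the original e-mail. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated PowerShell session; the helper name Test-PrivateAddress is hypothetical.

```powershell
# Added example: map every TCP connection to remote port 445 (microsoft-ds)
# to the process that owns it, and flag the ones leaving the local network.

function Test-PrivateAddress {
    # Hypothetical helper: true for RFC 1918, loopback and link-local addresses.
    param([string]$Address)
    $Address -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|169\.254\.|fe80:|::1$)'
}

$conns = Get-NetTCPConnection -RemotePort 445 -ErrorAction SilentlyContinue

$report = foreach ($c in $conns) {
    # Win32_Process supplies the executable path, command line and parent PID.
    $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)"

    # Check the Authenticode signature when the binary path is readable.
    $sig = if ($p.ExecutablePath) {
        (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
    } else { 'n/a' }

    [pscustomobject]@{
        Remote    = "$($c.RemoteAddress):$($c.RemotePort)"
        State     = $c.State
        OwnerPid  = $c.OwningProcess
        Process   = $p.Name
        Path      = $p.ExecutablePath
        ParentPid = $p.ParentProcessId
        Signature = $sig
        # SMB to a LAN file server is normal; SMB to a public address is not.
        External  = -not (Test-PrivateAddress $c.RemoteAddress)
    }
}

# Public destinations first. Connections made through the built-in Windows SMB
# client are owned by System (PID 4); any other owner is a program speaking SMB
# itself and deserves a close look at Path, ParentPid and Signature.
$report | Sort-Object External -Descending | Format-Table -AutoSize

# Optional stop-gap on the host firewall (also blocks LAN shares, so it is
# left commented out):
# New-NetFirewallRule -DisplayName 'Block outbound SMB (TCP 445)' `
#     -Direction Outbound -Protocol TCP -RemotePort 445 -Action Block
```

Short-lived connections can close before they are listed, so the query may need to be repeated or run in a loop while the traffic is occurring.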
