[Rightwing Conspiratr1]

I believe that's the blaster worm trying to get in.

[jimkress]

No problems on my LINUX machines ...

[cryptical]

Not "people", it's probably the Blaster worm. Google for it, or look around www.securityfocus.com.

[Spiff]

It's blaster or nachi. It is coincidence that you were logged into FR.

[martin_fierro]

FREE PC PROTECTION: Spyware removers: Spybot S&D AdAware Bayden Systems Popup Popper: Blocks popup ads well in MSIE MailWasher: Good for pre-screening & bouncing SPAM AVG Anti-Virus Free Edition: Free anti-viral protection Windows Update: At least install the critical ones ZoneAlarm: Excellent Firewall Alternative browsers: Mozilla Opera

[gitmo]

This isn't new. I ran a similar thread HERE about a year and a half ago. I get hits from China, France, Germany, and CA whenever I'm on certain forums in FR.

[dr_who_2]

port 135 - RPC - remote procedure calls. This has to do with a recent exposed security bug in Windows code. Lots of worms are exploiting it. Not sure if the worm is in your machine or one of your neighbors. Hopefully www.freerepublic.com doesn't have worms.

[Pyrion]

Um, yeah, so you're saying that every hack attempt on your PC is some left-wing nut job trying to knock you offline because you're a frequent poster to FR?

[timm22]

Moderator, please edit the title.

I would find "Beware of Hacker and White Rural-American Attacks" to be less offensive.

Thank you.

[Servant of the Nine]

This is the info on your badboy hacker.

So9

McAfee Visual Trace  Version 3.25 Results
Target: 195.134.39.66
Date: 8/23/2003 (Saturday), 03:35:52 PM
Nodes: 17


Node Data
Node Net Reg IP Address      Location            Node Name
  17   1   1 195.134.39.66   OSLO                kunde1589.alfanett.no


Packet Data
Node High Low  Avg  Tot  Lost
  17  180  154  163    3    0


Network Data
Network id#: 1
  This is the RIPE Whois server.
  The objects are in RPSL format.
 
  Rights restricted by copyright.
  See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      195.134.32.0 - 195.134.39.255
netname:      NO-EAB-CABLE-TV-1
descr:        EAB Tele AS
descr:        Borum, Norway
country:      NO
admin-c:      LAN2-RIPE
tech-c:       LAN2-RIPE
status:       ASSIGNED PA
mnt-by:       RIPE-NCC-NONE-MNT
changed:      leifa@sn.no 19970709
changed:      ripe-dbm@ripe.net 19990706
source:       RIPE

route:        195.134.32.0/19
descr:        ALFANETT NORWAY
origin:       AS8394
mnt-by:       AS8394-MNT
changed:      leifa@e.alfanett.no 20001222
source:       RIPE

person:       Leif Arne Neset
address:      ALFANETT AS
address:      Postboks 8
address:      N-1306 Barum postterminal
address:      Norway
phone:        +47 67 80 62 38
fax-no:       +47 67 80 62 10
e-mail:       leifa@e.alfanett.no
nic-hdl:      LAN2-RIPE
changed:      leifa@sn.no 19971010
changed:      Bjorn.Myrstad@runit.sintef.no 19980407
changed:      Bjorn.Myrstad@runit.sintef.no 19980720
changed:      leifa@e.alfanett.no 19990422
changed:      leifa@e.alfanett.no 19990428
changed:      hostmaster@uninett.no 20000629
changed:      leifa@e.alfanett.no 20001220


Registrant Data
Registrant id#: 1
  Kopibeskyttet, se http://www.norid.no/whois/kopirett.html
  Rights restricted by copyright. See http://www.norid.no/whois/kopirett_eng.html

Domain Information

Domain Name................: alfanett.no
Organization Handle........: ETA9O-NORID
Registrar Handle...........: REG1-NORID
Legal-c Handle.............: LAN2P-NORID
Tech-c Handle..............: LAN2P-NORID
Zone-c Handle..............: LAN2P-NORID
Bill-c Handle..............:
Nameserver Handle..........: DHCP1H-NORID
Nameserver Handle..........: NS512H-NORID

Additional information:
Created:         1999-11-15
Last updated:    1999-12-09

NORID Handle...............: ETA9O-NORID
Organization Name..........: EAB Tele AS (alfanett)
Organization Number........: 0
Post Address...............: Postboks 13
Postal Code................: N-1306
Postal Area................: Barum
Country....................: Norway
Phone Number...............: +47 67 80 62 38
Fax Number.................: +47 67 80 62 10
_____
Visual Trace Copyright ©1997-2001 NeoWorx Inc

[Momaw Nadon]

[Liz]

techno-ping

[thoughtomator]

First - if you have Outlook, trash it. Never use it again. Otherwise anything anyone might tell you with regards to machine security will be moot.

May I suggest (assuming you've got a Windows box) using Tiny Personal Firewall? It's free, go to http://www.download.com and search for it. It does wonders for me.

Let it inform you if a program/port combo that you haven't previously approved is being attempted. This way you can approve anything you're working on that requires a resource. Everything else, deny as a rule.

I've got a Win98 box still as my home machine, I rarely if ever update the security, but a simple firewall is all I need to protect myself. Zero problems here. I use the log as an Internet 'weather report' to see what kind of spam traffic is being received by my machine. These days it has been ICMP all the way, thousands and thousands of requests in the past few days. Occasionally there'll be an attempt to see if I'm running a Kazaa server (port 1214) or if I'm dumb enough to be infected with SubSeven (port 27234). Port 135 RPCs do come by occasionally as well as attempts on common named ports and random high-numbered ports.

[Maria S]

I finally had to turn off the informational alerts on my zone alarm firewall. "Pings" were coming in from all over the world! It was kind of interesting seeing where they were supposedly located (all over the world), but the new wore off fast. A geek told me the pinging wasn't at my computer necessarily; just random pinging (like a submarine's radar does) to find computers unprotected. Also, the locations shown on the alerts are probably Ghost locations; someone going through fake systems. (I don't understand much of this stuff...I just know zone alarm works)

[EggsAckley]

Hey Tex! How are ya?
I just set up my brand new Sony Vaio Desktop yesterday, and immediately got infected with the Blaster. Took my geek about two hours to un-infect it.

[ninenot]

63.154.16.41

Apparently someone in Oak Brook wants to get to know my Port 135.

Zone Alarm tells me there's a hit every 10 seconds or so to my address, but only a few to Port 135--maybe once a minute, average.

[First_Salute]

may interest

[demlosers]

If you are on a DHCP server like DSL, change your IP address and mr. 195.134.39.66 will lose sight of you.

[concentric circles]

bump~

[Pyrion]

Ya know what's fun? Deliberately opening port 135 on a NAT router just to have it blocked by ZoneAlarm, and then watch the logs fill up with logs of idiots that haven't patched their systems.

Unfortunately I can't do that, because my ISP (Cox HSI) has blocked all connection attempts to port 135 both inbound and outbound at the cable modem.

This is the sort of thing more ISPs need to do.