[Dshield] BEFSX41 and a lot of hits

Joseph Stahley 3rd jestahley3 at cox.net
Wed Jan 21 19:18:05 GMT 2004


I have experienced that as well..I also have a BEFSR41 (original model)
running linksys firmware 1.45.7 July 31, 2003.I am also on Cox HSI. I am
running 3 machines, 1 WIN2K pro, 2 WINXP Pro and I have all the updates
installed on all machines. I was experiencing many many hits on ports
135,137,139,445 and 4662 among others. I am not using a firewall at this
point as well. What I did was uninstall TCP/IPv6 and Microsoft File and
Print Sharing, Used the high security template as my local policy and
disabled under the linksys filters page Multicast, IPSEc and PPTP pass
throughs.It seems the only ports I am having difficulties with now are
135,137 and 445. Over the past 3 hours port 135 has been probed 6 times,137
has been probed 4 times and 445 probed 7 times, that is the only 3 ports I
have incoming on now.

I also at this point noticed an increase of spam, especially from
(hinet.net), was wondering if anyone else has been getting this as well. I
am using outlook 2003 on all machines so any tips to tighten security would
be greatly appreciated.

All antivirus defs are update and I ran scans from Norton Antivirus 2003 and
Trend Micro this morning looking for anything unusual and found nothing.

As for outgoing traffic I have noticed these showing up quite often, was
hoping someone could explain what these are doing when they transmit out, so
I can better understand the process.

Crl.verisign.com
Ar.atwola.com
Toolbarqueries.google.com
148.245.62.68 (Serimp) Incoming on port 139, outgoing to port 137.

Thanks for the help in advance,

Joseph Stahley




-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Zach Smith
Sent: Wednesday, January 21, 2004 8:13 AM
To: DShield
Subject: [Dshield] BEFSX41 and a lot of hits

I just replaced my router with the Linksys BEFSX41 which is great piece of
equipment despite reviews to the contrary (I won't get into that now).
Anyway, it's been online now for a couple of days and WallWatcher has been
going nuts with hits to port 4662 (eDonkey), racking up as many as 30 to 40
attempts per minute in spurts.  I'm sure others have been experiencing this
but was wondering how wide spread it is.  Thanks.

Zach

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list