Systems performing flood pings to random IPs on port 445

Discussion in 'Computer Security' started by Gozer, Aug 25, 2004.

  1. Gozer

    Gozer Guest

    About half a dozen computers on our network, and the number is
    growing, that are flood pinging random IP addresses; this started to
    happen after an infection of what Symantec Antivirus (corporate ed.)
    detected as the W32.Spybot worm. However, the virus definitions
    needed to detect this worm are, according to Symantec, April 16 2003;
    ours did not detect it until we updated to the August 24th, 2004 defs.
    I don't know why that's happening.

    Regardless, after the removal of the virus (as per Symantec's
    instructions), the computers are still flood pinging. I can find no
    running process that is causing this.

    Any help would be greatly appreciated.
    Gozer, Aug 25, 2004
    #1

  2. Leythos

    Leythos Guest

    In article <>,
    says...
    > About half a dozen computers on our network, and the number is
    > growing, that are flood pinging random IP addresses; this started to
    > happen after an infection of what Symantec Antivirus (corporate ed.)
    > detected as the W32.Spybot worm. However, the virus definitions
    > needed to detect this worm are, according to Symantec, April 16 2003;
    > ours did not detect it until we updated to the August 24th, 2004 defs.
    > I don't know why that's happening.
    >
    > Regardless, after the removal of the virus (as per Symantec's
    > instructions), the computers are still flood pinging. I can find no
    > running process that is causing this.
    >
    > Any help would be greatly appreciated.


    First thing you need to do is block outbound ports
    135,135,137,138,139,445,1433 and 1434 at your router or firewall.

    Once you do that the spamming of port 445 will not leave your network.

    Next, boot each computer in safe mode, run the AV software, and then
    reboot.

    If you have a firewall, or a router with logging, see if you can figure
    out what IPs are infected, and then disconnect those computers from the
    network to clean them.

    Remember, AV is only one part of a security method, and it's always
    reactionary.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Aug 25, 2004
    #2
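
The log review suggested in the reply above (using firewall or router logs to find which internal IPs are generating the traffic) can be scripted. This is an added example, not part of the original thread; the key=value log layout, the 192.168.0.0/16 internal range, the threshold and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the reply above.
WATCHED_PORTS = {135, 137, 138, 139, 445, 1433, 1434}
# Assumed internal range; adjust to the real LAN.
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")
# Assumed key=value log layout; real firewall logs differ per product.
LINE_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")

def suspect_hosts(lines, min_distinct_dsts=3):
    """Map each internal source to the distinct external addresses it tried
    on a watched port, keeping only sources at or above the threshold."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated or malformed log line
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # field is not a valid IP address
        if int(m["dport"]) not in WATCHED_PORTS:
            continue
        # Only internal-to-external attempts indicate outbound scanning.
        if src in INTERNAL_NET and dst not in INTERNAL_NET:
            seen[str(src)].add(str(dst))
    return {s: sorted(d) for s, d in seen.items() if len(d) >= min_distinct_dsts}

# Constructed sample log (documentation address ranges as external targets).
SAMPLE_LOG = """\
2004-08-25T10:00:01 action=DENY src=192.168.1.23 dst=198.51.100.7 dport=445
2004-08-25T10:00:01 action=DENY src=192.168.1.23 dst=203.0.113.80 dport=445
2004-08-25T10:00:02 action=DENY src=192.168.1.23 dst=192.0.2.14 dport=445
2004-08-25T10:00:02 action=DENY src=192.168.1.23 dst=198.51.100.201 dport=139
2004-08-25T10:00:02 action=DENY src=192.168.1.23 dst=198.51.100.7 dport=445
2004-08-25T10:00:03 action=ALLOW src=192.168.1.23 dst=192.168.1.5 dport=445
2004-08-25T10:00:04 action=DENY src=192.168.1.40 dst=203.0.113.9 dport=445
2004-08-25T10:00:05 action=ALLOW src=192.168.1.50 dst=198.51.100.7 dport=80
2004-08-25T10:00:06 firewall restarted
""".splitlines()

if __name__ == "__main__":
    for host, dsts in suspect_hosts(SAMPLE_LOG).items():
        print(f"{host}: {len(dsts)} distinct external targets on watched ports")
```

Hosts it reports are the ones to disconnect and clean first; a host below the threshold may still be infected, so the threshold should be lowered once the obvious scanners are off the network.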