[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: traffic leaking out on PPP connection

PM> My firewall is pretty tight.  I block all incoming by default and let out only certain
PM> destination ports.  I'm currently filtering on external interface only.
PM> Now I decided to do a check on all outgoing traffic
PM> (filtering out of course the allowed ports)
PM> and I made an interesting discovery.
PM> I am on dial-up (PPP) with a Canadian ISP (Sympatico) and I
PM> am sending out regular replies to
PM> port 135.  I figured this is due to PPP tunneling.  In 15
PM> minutes I was replying to about a
PM> dozen different IP addresses but they all resolve back to my ISPs servers (or clients?):
These hosts, probably, infected w/ "Lovesan" (aka "MS-blast") virus. It
scans networks for vulnerable Windows boxes to infect.
but you, should see it as incoming requests, than, your host replys.
Ilya A. Kovalenko                            mailto:[email protected]