Hello Supporters,
I'm having a strange Nuke attack that is constantly detected by Outpost.
The attack comes from a nonexistent IP trying to access a local IP which, within our system, belongs to a VPN network that we manually connect to, not very often.
Outpost version is 3.0.557.5918, this system runs WinXP Pro SP2 updated.
....................................................................................
14:55:35 Nuke attack 192.168.153.1 -> 192.168.0.254
14:50:10 Nuke attack 192.168.153.1 -> 192.168.0.254
12:10:55 Nuke attack 192.168.153.1 -> 192.168.0.254
11:44:19 Nuke attack 192.168.153.1 -> 192.168.0.254
10:24:59 Nuke attack 192.168.153.1 -> 192.168.0.254
9:59:02 Nuke attack 192.168.153.1 -> 192.168.0.254
8:50:58 Nuke attack 192.168.153.1 -> 192.168.0.254
23/03/2006 8:49:52 Nuke attack 192.168.153.1 -> 192.168.0.254
23/03/2006 8:27:36 Nuke attack 192.168.153.1 -> 192.168.0.254
22/03/2006 15:03:59 Rst attack 192.168.1.15 -> 192.168.1.15
22/03/2006 10:35:47 Nuke attack 192.168.153.1 -> 192.168.0.254
22/03/2006 8:34:26 Nuke attack 192.168.153.1 -> 192.168.0.254
21/03/2006 9:44:29 Nuke attack 192.168.153.1 -> 192.168.0.254
21/03/2006 8:31:37 Nuke attack 192.168.153.1 -> 192.168.0.254
....................................................................................
The ScanPortDetails shows ICMP (781).
Eventually there was this Rst attack appearing since a couple of days ago, although the IP is from our PrintServer, so I guess it's fine.
One of the strange things that happens is that when the user of this PC uses Word and tries to Save As, choosing a new destination for the file, Word crashes badly, not responding for a while, and then recovers itself, allowing her to choose a new folder destination.
This might be caused by the attack being triggered every time one tries to do that.
When saving in the same fashion with other software it does not happen.
Does anyone have any idea where this IP 192.168.153.1 could come from, or how to track it? It freezes the system for a while every time Outpost detects the attack, and that's happening almost all the time.
I haven't detected any new strange software installed (spyware, etc.). I run the antispyware from Outpost, Tauscan and NAV2006 and they find nothing.
Should I use any other, more powerful anti-spyware or anti-trojan software?
I have also restarted the router in case our dynamic IP belonged to somebody using some P2P downloading software, etc. I'm monitoring this to see if it was useful or not.
I've been told by the user of the PC that she loaded a Word file that she created at a "very safe" Internet Cafe, which might have been the carrier of a trojan horse (?). Although after scanning the file we found nothing.
I really appreciate your comments on this one.
Many thanks!
BR,
Nicolás
Welcome to the forums, Sysgeek,
If the 192.168.153.1 address has not been set up on your LAN (check your DHCP server and/or router to see what addresses they have assigned), then the most likely cause is packets being sent with a forged source address. While some network utilities offer this feature, it is far more likely due to malware trying to hide its location. As such, the best way to find the computer responsible is via its MAC (network card or physical) address.
To do this, open a Command Prompt window and type arp -a to see if 192.168.153.1 is listed. If not, try a ping 192.168.153.1 followed by arp -a again. Take a note of the MAC address for 192.168.153.1 and check each PC on your network until you find the one which matches (ipconfig /all in the Command Prompt window will list the MAC/physical address for all network cards on that machine).
If you have multiple network segments separated by routers, then you will need to try this test on a PC in each segment in turn since ARP traffic does not normally pass through routers.
Once you have found the PC, then put it through the wringer in terms of anti-malware scans. Castlecops' Malware Removal and Prevention (http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction) is a good place to start...
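One way to carry out the MAC lookup described in the reply above, as an added example that is not the forum poster's own script: it parses the Windows XP `arp -a` and `ipconfig /all` output formats (the samples embedded below are constructed, and the MACs and hostnames are made up) and names the machine whose NIC holds the MAC recorded for the suspect address. It returns None when the address has no ARP entry at all, which is what a forged source that nothing on the local segment answers for looks like.

```python
import re

# Constructed sample "arp -a" output from a Windows XP host (not captured from
# the poster's LAN); the suspect 192.168.153.1 is given a made-up MAC.
SAMPLE_ARP = """
Interface: 192.168.1.20 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-41-ab-cd-01     dynamic
  192.168.1.15          00-16-17-22-33-44     dynamic
  192.168.153.1         00-1a-4d-55-66-77     dynamic
"""

# Constructed "ipconfig /all" excerpts from two LAN machines, keyed by hostname.
SAMPLE_IPCONFIG = {
    "WORKSTATION-A": """
Ethernet adapter Local Area Connection:
        Physical Address. . . . . . . . . : 00-16-17-22-33-44
""",
    "WORKSTATION-B": """
Ethernet adapter Local Area Connection:
        Physical Address. . . . . . . . . : 00-1A-4D-55-66-77
Ethernet adapter VPN Connection:
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
""",
}

MAC = r"([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})"
ARP_ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+" + MAC, re.M)
PHYS_ROW = re.compile(r"Physical Address[ .]*:\s*" + MAC)

def mac_for_ip(arp_text, ip):
    """MAC recorded for ip in arp -a output, or None if the IP has no ARP
    entry (a forged source address that nothing on this segment claims)."""
    for addr, mac in ARP_ROW.findall(arp_text):
        if addr == ip:
            return mac.lower()  # arp prints lowercase, ipconfig uppercase
    return None

def macs_per_host(ipconfig_by_host):
    """hostname -> set of normalized MACs from that machine's ipconfig /all."""
    return {host: {m.lower() for m in PHYS_ROW.findall(text)}
            for host, text in ipconfig_by_host.items()}

def find_host(ip, arp_text, ipconfig_by_host):
    """Name the machine whose NIC owns the MAC recorded for ip, or None."""
    mac = mac_for_ip(arp_text, ip)
    if mac is None:
        return None
    return next((host for host, macs in macs_per_host(ipconfig_by_host).items()
                 if mac in macs), None)
```

Feed it the real `arp -a` text from the machine that logged the attacks and the `ipconfig /all` text collected from each PC on that segment; a None from mac_for_ip after the ping step means the sender is not answering ARP for that address on this segment.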