Dear Paul & fan j what is going on with my za
Mr.Blaze
March 6th, 2002, 03:12 AM
I hardly get anything really hitting my firewall anymore but this same IP. If you look at the IP, it's almost the same every time. I thought it was me, but it's not my IP, so what is it?
The firewall has blocked Internet access to your computer (HTTP) from 172.195.204.167 (TCP Port 2091) [TCP Flags: S].
Time: 3/5/2002 9:37:52 PM
The firewall has blocked Internet access to your computer (HTTP) from 172.194.246.166 (TCP Port 1742) [TCP Flags: S].
Time: 3/5/2002 9:48:28 PM
The firewall has blocked Internet access to your computer (HTTP) from 172.195.220.204 (TCP Port 4985) [TCP Flags: S].
Time: 3/5/2002 9:58:50 PM
The firewall has blocked Internet access to your computer (HTTP) from 172.192.126.41 (TCP Port 2629) [TCP Flags: S].
Time: 3/5/2002 10:08:04 PM
It's really annoying; it's the only thing that hits my firewall.
The firewall has blocked Internet access to your computer (HTTP) from 172.193.170.73 (TCP Port 1480) [TCP Flags: S].
Time: 3/5/2002 10:08:36 PM
UNICRON
March 6th, 2002, 03:40 AM
They are AOL IP addresses. The few I checked all point to:
ACC*****.ipt.aol.com
where the asterisks are different numbers. They could be from the same guy but it is unlikely he would renew IPs that fast.
Your log doesn't show the port they attempted to connect to so it is hard to say why this is occurring.
UNICRON
March 6th, 2002, 03:44 AM
here's what my router logs look like on average:
Saturday, March 02, 2002 7:15:02 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
Saturday, March 02, 2002 7:15:05 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
Saturday, March 02, 2002 7:15:11 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
Saturday, March 02, 2002 7:15:23 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
Saturday, March 02, 2002 7:21:09 PM Unrecognized access from 217.6.28.5:2019 to TCP port 22
Saturday, March 02, 2002 7:21:12 PM Unrecognized access from 217.6.28.5:2019 to TCP port 22
Saturday, March 02, 2002 7:23:25 PM Unrecognized access from 172.157.59.17:3718 to TCP port 27374
Saturday, March 02, 2002 7:23:28 PM Unrecognized access from 172.157.59.17:3718 to TCP port 27374
Saturday, March 02, 2002 7:23:34 PM Unrecognized access from 172.157.59.17:3718 to TCP port 27374
Saturday, March 02, 2002 7:50:54 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 7:50:57 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 7:51:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 7:51:15 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 7:51:39 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 7:52:27 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 7:54:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 7:56:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 7:58:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 8:00:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 8:02:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 8:04:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 8:06:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 8:08:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 8:10:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 8:12:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
Saturday, March 02, 2002 11:28:09 PM Unrecognized access from 24.69.231.121:21404 to TCP port 139
Saturday, March 02, 2002 11:28:12 PM Unrecognized access from 24.69.231.121:21404 to TCP port 139
Saturday, March 02, 2002 11:28:18 PM Unrecognized access from 24.69.231.121:21404 to TCP port 139
Sunday, March 03, 2002 3:49:58 AM Unrecognized access from 200.178.201.109:1583 to TCP port 27374
Sunday, March 03, 2002 3:49:58 AM Unrecognized access from 200.178.201.109:1583 to TCP port 27374
Sunday, March 03, 2002 3:49:59 AM Unrecognized access from 200.178.201.109:1583 to TCP port 27374
Sunday, March 03, 2002 4:07:13 AM Unrecognized access from 172.173.127.31:4537 to TCP port 27374
Sunday, March 03, 2002 4:07:16 AM Unrecognized access from 172.173.127.31:4537 to TCP port 27374
Sunday, March 03, 2002 4:07:22 AM Unrecognized access from 172.173.127.31:4537 to TCP port 27374
Sunday, March 03, 2002 5:31:52 AM Unrecognized access from 172.188.67.43:1479 to TCP port 27374
Sunday, March 03, 2002 5:31:55 AM Unrecognized access from 172.188.67.43:1479 to TCP port 27374
Sunday, March 03, 2002 5:32:01 AM Unrecognized access from 172.188.67.43:1479 to TCP port 27374
Sunday, March 03, 2002 5:32:13 AM Unrecognized access from 172.188.67.43:1479 to TCP port 27374
Sunday, March 03, 2002 6:17:14 AM Unrecognized access from 24.67.126.188:4902 to TCP port 111
Sunday, March 03, 2002 6:40:07 AM Unrecognized access from 24.157.43.120:3618 to TCP port 27374
Sunday, March 03, 2002 6:40:10 AM Unrecognized access from 24.157.43.120:3618 to TCP port 27374
Sunday, March 03, 2002 6:40:16 AM Unrecognized access from 24.157.43.120:3618 to TCP port 27374
Sunday, March 03, 2002 6:52:33 AM Unrecognized access from 165.132.95.101:2875 to TCP port 515
Sunday, March 03, 2002 6:52:35 AM Unrecognized access from 165.132.95.101:2875 to TCP port 515
Sunday, March 03, 2002 8:33:46 AM Unrecognized access from 24.157.50.119:2637 to TCP port 27374
Sunday, March 03, 2002 8:33:49 AM Unrecognized access from 24.157.50.119:2637 to TCP port 27374
Sunday, March 03, 2002 8:33:55 AM Unrecognized access from 24.157.50.119:2637 to TCP port 27374
Sunday, March 03, 2002 9:43:21 AM Unrecognized access from 65.227.69.120:3490 to TCP port 27374
Sunday, March 03, 2002 9:43:24 AM Unrecognized access from 65.227.69.120:3490 to TCP port 27374
Sunday, March 03, 2002 9:43:30 AM Unrecognized access from 65.227.69.120:3490 to TCP port 27374
Sunday, March 03, 2002 9:43:42 AM Unrecognized access from 65.227.69.120:3490 to TCP port 27374
Sunday, March 03, 2002 12:01:51 PM Unrecognized access from 24.186.179.125:3301 to TCP port 27374
Sunday, March 03, 2002 12:01:54 PM Unrecognized access from 24.186.179.125:3301 to TCP port 27374
Sunday, March 03, 2002 12:02:00 PM Unrecognized access from 24.186.179.125:3301 to TCP port 27374
Sunday, March 03, 2002 12:02:12 PM Unrecognized access from 24.186.179.125:3301 to TCP port 27374
UNICRON
March 6th, 2002, 03:45 AM
and more:
Sunday, March 03, 2002 1:31:37 PM Unrecognized access from 208.183.251.166:1560 to TCP port 111
Sunday, March 03, 2002 1:58:14 PM Unrecognized access from 68.80.170.233:1537 to TCP port 27374
Sunday, March 03, 2002 1:58:17 PM Unrecognized access from 68.80.170.233:1537 to TCP port 27374
Sunday, March 03, 2002 1:58:23 PM Unrecognized access from 68.80.170.233:1537 to TCP port 27374
Sunday, March 03, 2002 1:58:35 PM Unrecognized access from 68.80.170.233:1537 to TCP port 27374
Sunday, March 03, 2002 3:08:30 PM Unrecognized access from 172.145.171.109:2649 to TCP port 27374
Sunday, March 03, 2002 3:08:33 PM Unrecognized access from 172.145.171.109:2649 to TCP port 27374
Sunday, March 03, 2002 3:08:39 PM Unrecognized access from 172.145.171.109:2649 to TCP port 27374
Sunday, March 03, 2002 3:43:20 PM Unrecognized access from 24.116.166.113:4420 to TCP port 27374
Sunday, March 03, 2002 3:43:20 PM Unrecognized access from 24.116.166.113:4421 to TCP port 1243
Sunday, March 03, 2002 3:43:23 PM Unrecognized access from 24.116.166.113:4420 to TCP port 27374
Sunday, March 03, 2002 3:43:23 PM Unrecognized access from 24.116.166.113:4421 to TCP port 1243
Sunday, March 03, 2002 3:43:29 PM Unrecognized access from 24.116.166.113:4420 to TCP port 27374
Sunday, March 03, 2002 3:43:29 PM Unrecognized access from 24.116.166.113:4421 to TCP port 1243
Sunday, March 03, 2002 3:43:41 PM Unrecognized access from 24.116.166.113:4421 to TCP port 1243
Sunday, March 03, 2002 3:43:41 PM Unrecognized access from 24.116.166.113:4420 to TCP port 27374
Sunday, March 03, 2002 4:06:40 PM Unrecognized access from 172.139.31.214:1985 to TCP port 27374
Sunday, March 03, 2002 4:06:43 PM Unrecognized access from 172.139.31.214:1985 to TCP port 27374
Sunday, March 03, 2002 4:06:49 PM Unrecognized access from 172.139.31.214:1985 to TCP port 27374
Sunday, March 03, 2002 4:41:49 PM Unrecognized access from 172.192.46.181:4743 to TCP port 27374
Sunday, March 03, 2002 4:41:52 PM Unrecognized access from 172.192.46.181:4743 to TCP port 27374
Sunday, March 03, 2002 4:41:58 PM Unrecognized access from 172.192.46.181:4743 to TCP port 27374
Sunday, March 03, 2002 4:53:26 PM Unrecognized access from 24.232.145.118:1871 to TCP port 27374
Sunday, March 03, 2002 4:53:29 PM Unrecognized access from 24.232.145.118:1871 to TCP port 27374
Sunday, March 03, 2002 4:53:35 PM Unrecognized access from 24.232.145.118:1871 to TCP port 27374
Sunday, March 03, 2002 4:53:47 PM Unrecognized access from 24.232.145.118:1871 to TCP port 27374
Sunday, March 03, 2002 5:59:27 PM Unrecognized access from 172.193.68.230:4280 to TCP port 27374
Sunday, March 03, 2002 5:59:30 PM Unrecognized access from 172.193.68.230:4280 to TCP port 27374
Sunday, March 03, 2002 5:59:36 PM Unrecognized access from 172.193.68.230:4280 to TCP port 27374
Sunday, March 03, 2002 5:59:49 PM Unrecognized access from 172.193.68.230:4280 to TCP port 27374
Sunday, March 03, 2002 6:02:06 PM Unrecognized access from 24.91.182.208:2720 to TCP port 27374
Sunday, March 03, 2002 6:02:09 PM Unrecognized access from 24.91.182.208:2720 to TCP port 27374
Sunday, March 03, 2002 6:02:15 PM Unrecognized access from 24.91.182.208:2720 to TCP port 27374
Sunday, March 03, 2002 6:11:15 PM Unrecognized access from 24.128.111.123:1677 to TCP port 27374
Sunday, March 03, 2002 6:11:18 PM Unrecognized access from 24.128.111.123:1677 to TCP port 27374
Sunday, March 03, 2002 6:11:24 PM Unrecognized access from 24.128.111.123:1677 to TCP port 27374
Sunday, March 03, 2002 6:11:37 PM Unrecognized access from 24.128.111.123:1677 to TCP port 27374
Sunday, March 03, 2002 6:29:49 PM Unrecognized access from 24.69.203.43:1610 to TCP port 139
Sunday, March 03, 2002 6:29:52 PM Unrecognized access from 24.69.203.43:1610 to TCP port 139
Sunday, March 03, 2002 6:29:58 PM Unrecognized access from 24.69.203.43:1610 to TCP port 139
Sunday, March 03, 2002 6:49:00 PM Unrecognized access from 212.3.248.147:21 to TCP port 21
Sunday, March 03, 2002 6:52:56 PM Unrecognized access from 172.164.249.133:2082 to TCP port 27374
Sunday, March 03, 2002 6:52:59 PM Unrecognized access from 172.164.249.133:2082 to TCP port 27374
Sunday, March 03, 2002 6:53:05 PM Unrecognized access from 172.164.249.133:2082 to TCP port 27374
Sunday, March 03, 2002 10:33:09 PM Unrecognized access from 24.69.197.84:2516 to TCP port 139
Sunday, March 03, 2002 10:33:12 PM Unrecognized access from 24.69.197.84:2516 to TCP port 139
Sunday, March 03, 2002 10:33:18 PM Unrecognized access from 24.69.197.84:2516 to TCP port 139
Sunday, March 03, 2002 10:33:30 PM Unrecognized access from 24.69.197.84:2516 to TCP port 139
Sunday, March 03, 2002 11:28:51 PM Unrecognized access from 24.48.203.127:2829 to TCP port 27374
Sunday, March 03, 2002 11:28:54 PM Unrecognized access from 24.48.203.127:2829 to TCP port 27374
Sunday, March 03, 2002 11:29:00 PM Unrecognized access from 24.48.203.127:2829 to TCP port 27374
Sunday, March 03, 2002 11:48:20 PM Unrecognized access from 66.8.157.20:3232 to TCP port 27374
Sunday, March 03, 2002 11:48:23 PM Unrecognized access from 66.8.157.20:3232 to TCP port 27374
Sunday, March 03, 2002 11:48:29 PM Unrecognized access from 66.8.157.20:3232 to TCP port 27374
Sunday, March 03, 2002 11:48:42 PM Unrecognized access from 66.8.157.20:3232 to TCP port 27374
Monday, March 04, 2002 2:56:36 AM Unrecognized access from 24.78.6.105:3697 to TCP port 27374
Monday, March 04, 2002 2:56:38 AM Unrecognized access from 24.78.6.105:3697 to TCP port 27374
Monday, March 04, 2002 2:56:44 AM Unrecognized access from 24.78.6.105:3697 to TCP port 27374
Monday, March 04, 2002 2:56:56 AM Unrecognized access from 24.78.6.105:3697 to TCP port 27374
Monday, March 04, 2002 3:36:14 AM Unrecognized access from 63.117.2.118:3768 to TCP port 111
Monday, March 04, 2002 4:48:17 AM Unrecognized access from 24.82.60.169:3475 to TCP port 27374
Monday, March 04, 2002 4:48:20 AM Unrecognized access from 24.82.60.169:3475 to TCP port 27374
Monday, March 04, 2002 4:48:26 AM Unrecognized access from 24.82.60.169:3475 to TCP port 27374
Monday, March 04, 2002 4:48:38 AM Unrecognized access from 24.82.60.169:3475 to TCP port 27374
Monday, March 04, 2002 5:13:23 AM Unrecognized access from 64.148.158.174:2078 to TCP port 515
Monday, March 04, 2002 6:16:49 AM Unrecognized access from 24.69.68.171:4886 to TCP port 139
Monday, March 04, 2002 6:16:52 AM Unrecognized access from 24.69.68.171:4886 to TCP port 139
Monday, March 04, 2002 6:16:58 AM Unrecognized access from 24.69.68.171:4886 to TCP port 139
Monday, March 04, 2002 6:53:59 AM Unrecognized access from 210.111.129.10:3625 to TCP port 111
Monday, March 04, 2002 7:24:46 AM Unrecognized access from 128.11.99.45:137 to UDP port 137
Monday, March 04, 2002 7:24:48 AM Unrecognized access from 128.11.99.45:137 to UDP port 137
Monday, March 04, 2002 7:24:49 AM Unrecognized access from 128.11.99.45:137 to UDP port 137
Monday, March 04, 2002 10:53:23 AM Unrecognized access from 199.228.177.52:4169 to TCP port 111
Monday, March 04, 2002 12:17:50 PM Unrecognized access from 24.69.109.218:1310 to TCP port 139
Monday, March 04, 2002 12:17:53 PM Unrecognized access from 24.69.109.218:1310 to TCP port 139
Monday, March 04, 2002 12:17:59 PM Unrecognized access from 24.69.109.218:1310 to TCP port 139
Monday, March 04, 2002 12:46:52 PM Unrecognized access from 24.188.84.143:4539 to TCP port 27374
Monday, March 04, 2002 12:46:58 PM Unrecognized access from 24.188.84.143:4539 to TCP port 27374
Monday, March 04, 2002 12:47:10 PM Unrecognized access from 24.188.84.143:4539 to TCP port 27374
Monday, March 04, 2002 3:00:52 PM Unrecognized access from 24.69.109.218:1271 to TCP port 139
Monday, March 04, 2002 3:00:54 PM Unrecognized access from 24.69.109.218:1271 to TCP port 139
Monday, March 04, 2002 3:01:00 PM Unrecognized access from 24.69.109.218:1271 to TCP port 139
Monday, March 04, 2002 3:24:04 PM Unrecognized access from 24.69.203.43:2776 to TCP port 139
Monday, March 04, 2002 3:24:07 PM Unrecognized access from 24.69.203.43:2776 to TCP port 139
Monday, March 04, 2002 3:24:13 PM Unrecognized access from 24.69.203.43:2776 to TCP port 139
Monday, March 04, 2002 5:44:16 PM Unrecognized access from 80.134.23.191:4230 to TCP port 21
Monday, March 04, 2002 5:44:19 PM Unrecognized access from 80.134.23.191:4230 to TCP port 21
Monday, March 04, 2002 5:44:25 PM Unrecognized access from 80.134.23.191:4230 to TCP port 21
Monday, March 04, 2002 7:18:49 PM Unrecognized access from 24.49.133.133:3916 to TCP port 27374
Monday, March 04, 2002 7:18:58 PM Unrecognized access from 24.49.133.133:3916 to TCP port 27374
Monday, March 04, 2002 7:19:09 PM Unrecognized access from 24.49.133.133:3916 to TCP port 27374
Monday, March 04, 2002 8:53:17 PM Unrecognized access from 24.57.97.184:4199 to TCP port 27374
Monday, March 04, 2002 10:52:42 PM Unrecognized access from 136.145.160.39:1524 to TCP port 1524
Tuesday, March 05, 2002 12:31:23 AM Unrecognized access from 200.61.121.52:65419 to TCP port 1081
Tuesday, March 05, 2002 12:31:27 AM Unrecognized access from 200.61.121.52:65419 to TCP port 1081
Tuesday, March 05, 2002 12:31:29 AM Unrecognized access from 200.61.121.52:64461 to TCP port 1081
Tuesday, March 05, 2002 6:42:18 AM Unrecognized access from 24.64.19.234:137 to UDP port 137
Tuesday, March 05, 2002 6:42:20 AM Unrecognized access from 24.64.19.234:137 to UDP port 137
Tuesday, March 05, 2002 6:42:21 AM Unrecognized access from 24.64.19.234:137 to UDP port 137
Tuesday, March 05, 2002 7:59:39 AM Unrecognized access from 65.193.117.60:32824 to TCP port 1214
UNICRON
March 6th, 2002, 03:46 AM
yet still more:
Tuesday, March 05, 2002 7:59:42 AM Unrecognized access from 65.193.117.60:32824 to TCP port 1214
Tuesday, March 05, 2002 9:38:28 AM Unrecognized access from 64.35.94.71:4400 to TCP port 1125
Tuesday, March 05, 2002 3:54:26 PM Unrecognized access from 24.88.110.226:137 to UDP port 137
Tuesday, March 05, 2002 3:54:28 PM Unrecognized access from 24.88.110.226:137 to UDP port 137
Tuesday, March 05, 2002 3:54:29 PM Unrecognized access from 24.88.110.226:137 to UDP port 137
Tuesday, March 05, 2002 3:59:26 PM Unrecognized access from 142.176.115.84:31790 to UDP port 31789
Tuesday, March 05, 2002 5:20:44 PM Unrecognized access from 24.69.62.16:3756 to TCP port 139
Tuesday, March 05, 2002 5:20:47 PM Unrecognized access from 24.69.62.16:3756 to TCP port 139
Tuesday, March 05, 2002 5:20:53 PM Unrecognized access from 24.69.62.16:3756 to TCP port 139
Tuesday, March 05, 2002 5:21:05 PM Unrecognized access from 24.69.62.16:3756 to TCP port 139
Tuesday, March 05, 2002 5:32:58 PM Unrecognized access from 24.208.231.22:137 to UDP port 137
Tuesday, March 05, 2002 5:32:59 PM Unrecognized access from 24.208.231.22:137 to UDP port 137
Tuesday, March 05, 2002 5:33:01 PM Unrecognized access from 24.208.231.22:137 to UDP port 137
UNICRON
March 6th, 2002, 03:49 AM
So don't feel too bad, we all get it. I have dedicated hardware to filter it out to take the load off my PCs.
Pretty much every one of those connection attempts were from our enemies.
FanJ
March 6th, 2002, 07:57 AM
{QUOTE-> Your log doesn't show the port they attempted to connect to so it is hard to say why this is occurring. <-QUOTE}
Hi Unicron,
MrBlaze wrote for example:
{QUOTE-> The firewall has blocked Internet access to your computer (HTTP) from 172.195.204.167 (TCP Port 2091) [TCP Flags: S]. <-QUOTE}
So it looks to me that he did mention that port: HTTP=port 80
Or am I now making a mistake?
FanJ
March 6th, 2002, 08:05 AM
Hi MrBlaze,
It looks like your firewall is just doing its job!
Yes, all those "attempts" can be annoying.
I would advise setting up ZA in such a way that you don't get an alert pop-up every time such a thing occurs.
In the Alert Tab of ZA disable the box "Show the alert popup window".
spy1
March 6th, 2002, 10:31 AM
A hearty 'AMEN' to that idea, Jan!
I'm a firm believer in letting your firewall go about doing its job - quietly. As long as you're running frequent, full, in-depth scans with your AV/AT programs (and assuming your firewall is correctly set up, of course), chasing down hits from various (mostly innocent) sources is a waste of time and can draw a lot of unwanted attention your way.
mrblaze - I'd suggest (if you don't already have one or the other and you're using ZA) that you get either ZoneLogAnalyzer http://zonelog.co.uk/ or VisualZone v5.6 http://www.wilders.org/downloads.htm . Both will serve to let you know if you're actually getting 'attacked' and give you options to report it (ZLA) or have it reported for you (VZ). Pete
Mr.Blaze
March 6th, 2002, 01:59 PM
UNICRON, my god, I've never seen so many IPs hitting someone like that "blaze eyes widen". OK, I feel better, but I do think it's the same person every day; it's that same-looking IP lol.
I know at SOS board femmy look up my many user names that I sign on with my AOL accounts.
I have 7 AOL accounts and each registers the same IP, except that for each there is a 1-digit or 2-digit difference at the end of each AOL user name.
So I know it's the same person, but I'm wondering if it's just AOL being annoying or some one person being annoying. I was almost tempted to go to the dark side, pick up a nuke and read how to use it and nail the annoyance.
Anybody other than me ever feel like just pushing a red button and nailing that one annoying IP that bugs you day after day, and you know it's not a legit scan, ping or echo request lol,
or am I the only one experiencing cyber highway road rage lol=)
FanJ
March 6th, 2002, 02:44 PM
{QUOTE-> or am I the only one experiencing cyber highway road rage lol=) <-QUOTE}
Hey MrBlaze,
You're definitely not the only one!!!
UNICRON
March 7th, 2002, 12:56 AM
{QUOTE-> So it looks to me that he did mention that port: HTTP=port 80 <-QUOTE}
doh! I was lookin for numbers, looked right past the HTTP!
My Bad.
me
March 7th, 2002, 10:04 AM
MRBLAZE
You might also want to submit some of these entries in your ZA log to DSHIELD (http://www.dshield.org) using their Web Interface
Mr.Blaze
March 7th, 2002, 02:13 PM
ahhhhhhhhhhhhhhhh gasppppppppp I'm not sure if I'm being paranoid but I think I found out what's going on.
OK, you noticed the IP address is very similar every time, so it's most likely the same person.
I notice each ZA warning like this:
The firewall has blocked Internet access to your computer (HTTP) from 172.195.124.149 (TCP Port 1556) [TCP Flags: S].
Time: 3/7/2002 8:48:24 AM
has http, this (HTTP), in front of the IP, right? So I said what the hell, so I put in the http://ip address here like I would a URL and this is what happened:
Date: 3/5/2002, Time: 13:47:44, MRBLAZE on COMPUTER
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\6Z0J0LM1\172.195.251[1]
was infected with the W32.Nimda.A@mm(html) virus.
The file was repaired.
Date: 3/5/2002, Time: 21:46:38, MRBLAZE on COMPUTER
The file
C:\WINDOWS\Temporary Internet Files\Content.IE5\AFIL8VGT\172.195.204[1]
was infected with the W32.Nimda.A@mm(html) virus.
The file was repaired.
My Norton antivirus took out that mofo, but it's strange that an IP is also a web address. I think what was going on was this.
Someone with an AOL account made a web site with his or her IP address as a URL as well and was trying to infect me with W32.Nimda.A.
He was most likely using messenger spam. Messenger (not to be confused with MSN Messenger or AOL Instant Messenger)
The easiest way to explain it is to show you the non-ethical ways of using the messenger service
The non-ethical use of the messenger service turns it into an untraceable spam tool. As you can see in this example, the sender has changed the computer name to "VirusScan." This fools the end user into believing it is a message from his or her antivirus program. The message also refers the user to a website, and as you can probably guess, it's not an antivirus website. The problem here is that anyone can send messages through the messenger service, not just system administrators. The command to send a message is called "net send" and can be executed from the command prompt with the following syntax. Spammers will automate this process using batch files so that they can send hundreds of messages per hour. You're probably saying to yourself, "No one knows my IP address. I'm safe." Not true. You and your hidden messenger service can easily be detected by running a simple port scan across a range of IP addresses. The messenger service is part of the NetBIOS service that runs on TCP port 139. To detect potential targets, the spammer will scan IP addresses with port 139 open. To demonstrate this, I downloaded an application named SuperScan and scanned 131 IP addresses for the open port 139. Out of 131 computers, 42 of them were open for attack. Using this method thousands of open IP addresses can be harvested and spammed per hour.
Basically he sends me that spam, I click on OK 'cause it's the only way to close that box, get redirected to a web page carrying a nasty virus and I am infected. That's my conspiracy theory lol.
What about you guys, any conspiracy theories lol
Mr.Blaze
March 7th, 2002, 02:19 PM
lol oh by the way I cut and pasted that spam part from an article lol but you get the idea lol.
sig
March 9th, 2002, 08:22 AM
Not unusual to get hits to port 80 from Nimda infected machines. The scans are on autopilot: a machine gets infected and then scans for other vulnerable machines to infect. Usually you'll mostly get scans from infected machines who have the same ISP as you.
Here's the Symantec write up on the Nimda variant you seem to have run into:
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
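An added example, not part of any post in the thread: Python that reads both log formats quoted above, merges repeated SYNs from one sender into a single attempt, and counts attempts by destination port and by source network, which is how the same-ISP clustering sig mentions shows up in a log. The sample lines are constructed with documentation addresses; the 60-second retry window and the /24 grouping are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_network

IP = r"\d+(?:\.\d+){3}"
# ZoneAlarm alert: the label in the first parentheses names the destination
# service; "TCP Port N" after the address is the sender's source port.
ZA_RE = re.compile(
    rf"blocked Internet access to your computer \((?P<svc>[^)]+)\) from "
    rf"(?P<src>{IP}) \((?P<proto>TCP|UDP) Port (?P<sport>\d+)\)")
ZA_TIME_RE = re.compile(r"^Time: (?P<ts>.+)$")
ROUTER_RE = re.compile(
    rf"^(?P<ts>\w+, \w+ \d+, \d{{4}} \d+:\d+:\d+ [AP]M) Unrecognized access "
    rf"from (?P<src>{IP}):(?P<sport>\d+) to (?P<proto>TCP|UDP) port (?P<dport>\d+)$")
SERVICE_PORTS = {"HTTP": 80}  # the only service label quoted in the thread


def parse(lines):
    """Yield (time, src, sport, proto, dport) from either log format."""
    pending = None  # ZoneAlarm alert waiting for its "Time:" line
    for line in map(str.strip, lines):
        if m := ROUTER_RE.match(line):
            ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %I:%M:%S %p")
            yield ts, m["src"], int(m["sport"]), m["proto"], int(m["dport"])
        elif m := ZA_RE.search(line):
            pending = m
        elif pending and (t := ZA_TIME_RE.match(line)):
            ts = datetime.strptime(t["ts"], "%m/%d/%Y %I:%M:%S %p")
            # Unknown labels are kept as text rather than guessed at.
            dport = SERVICE_PORTS.get(pending["svc"], pending["svc"])
            yield ts, pending["src"], int(pending["sport"]), pending["proto"], dport
            pending = None


def collapse_retransmits(events, window=timedelta(seconds=60)):
    """Merge repeats of one flow (same src, sport, proto, dport) into one attempt.

    A blocked SYN is retried by the sender's TCP stack, so one connection
    attempt appears as several log lines a few seconds apart.
    """
    attempts, last = [], {}
    for ts, *flow in sorted(events, key=lambda e: e[0]):
        key = tuple(flow)
        prev = last.get(key)
        if prev and ts - prev["last"] <= window:
            prev["packets"] += 1
            prev["last"] = ts
        else:
            last[key] = {"first": ts, "last": ts, "flow": key, "packets": 1}
            attempts.append(last[key])
    return attempts


def summarise(attempts, prefix_len=24):
    """Count attempts per destination port and per source network."""
    by_port = Counter(a["flow"][3] for a in attempts)
    by_net = Counter(
        str(ip_network(f"{a['flow'][0]}/{prefix_len}", strict=False)) for a in attempts)
    return by_port, by_net


# Constructed sample in the two formats shown in the thread (RFC 5737 addresses).
SAMPLE = """\
The firewall has blocked Internet access to your computer (HTTP) from 198.51.100.17 (TCP Port 2091) [TCP Flags: S].
Time: 3/5/2002 9:37:52 PM
The firewall has blocked Internet access to your computer (HTTP) from 198.51.100.203 (TCP Port 1742) [TCP Flags: S].
Time: 3/5/2002 9:48:28 PM
Saturday, March 02, 2002 7:15:02 PM Unrecognized access from 203.0.113.9:4533 to TCP port 27374
Saturday, March 02, 2002 7:15:05 PM Unrecognized access from 203.0.113.9:4533 to TCP port 27374
Saturday, March 02, 2002 7:15:11 PM Unrecognized access from 203.0.113.9:4533 to TCP port 27374
Saturday, March 02, 2002 7:21:09 PM Unrecognized access from 192.0.2.5:2019 to TCP port 22
""".splitlines()

if __name__ == "__main__":
    ports, nets = summarise(collapse_retransmits(parse(SAMPLE)))
    print(ports.most_common(), nets.most_common())
```
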
spy1
March 9th, 2002, 09:21 AM
And no, that doesn't mean you have Nimda, it means someone else has Nimda that keeps trying to send itself to everyone it can reach.
If that address is within your local range from your ISP, you might want to call them and let them know - perhaps they'll be interested enough to do something about it as long as you send them your complete, detailed log.
If you want to quit seeing the alerts altogether, just get SpyBlocker 4.75 and make sure you select 'Don't Allow Remote Connections' in the 'Options' section. It'll block the Nimda probes before they ever get to your firewall.
If you're using ZA and get SpyBlocker, make sure you don't 'Allow Connect' in either "Local" or "Internet" or "Allow Server" for SB in ZA. (Of course, if you want to see the attempts being made - in SB's log with a lot of detail - then leave 'Don't Allow Remote Connections' UN-checked). Pete
Mr.Blaze
March 10th, 2002, 02:56 PM
I do have SpyBlocker and that sounds like a great idea but lol SpyBlocker constantly sets off my ZA firewall, I don't know why.
They should have made it compatible with ZA.
Copyright ©2002 - 2009, Wilders Security Forums