Network Attacks Help

Discussion in 'malware problems & news' started by abhi_mittal, Mar 22, 2005.

Thread Status:
Not open for further replies.
  1. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    I use Avast Prof on my notebook which is connected to a LAN at my workplace. The network shield of Avast is regularly reporting of the following attacks:

    22.03.2005 18:44:20 DCOM Exploit attack
    from 192.168.2.63:135
    22.03.2005 18:44:48 LSASS Exploit (SXP) attack
    from 192.168.2.63:445
    22.03.2005 18:45:53 LSASS Exploit (SXP) attack
    from 192.168.2.136:445

    What do these attacks mean? How can I prevent them from happening?

    Regards,
    Abhishek
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I ran a search on the ip in the alert and this is what it shows. it doesn't look to nafarious.


    Checking access for 24.117.168.208... ok.
    Final results obtained from whois.arin.net.
    Results:

    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 192.168.0.0 - 192.168.255.255
    CIDR: 192.168.0.0/16
    NetName: IANA-CBLK1
    NetHandle: NET-192-168-0-0-1
    Parent: NET-192-0-0-0-0
    NetType: IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 1918 for additional information.
    Comment:
    RegDate: 1994-03-15
    Updated: 2002-09-16

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: abuse@iana.org

    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: abuse@iana.org

    # ARIN WHOIS database, last updated 2005-03-21 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    Results brought to you by the GeekTools WHOIS Proxy
    Server results may be copyrighted and are used with permission.
    Your host has visited 1 times today.
     
Loading...
Thread Status:
Not open for further replies.