Home » Allgemeines Security Forum » Security Alerts - Wieviel ist Normal? » Themenansicht

Security Alerts - Wieviel ist Normal?
#0
21.05.2004, 20:12
retaliator
...neu hier

Beiträge: 9
#1 Hallo alle miteinander!

Bin neu hier und habe mal eine Frage.

Ich habe Norton Internet Security 2002 und bin daran gewöhnt, dass im Event-Log ein gewisses "Grundrauschen" von angeblichen oder tatsaechlichen Einbruchsversuchen steht. Aber nicht so viel wie heute.

Im Anhang paste ich aber mal die "Ausbeute" von heute Abend...

Ist SOWAS noch normal?? Wer sind alle diese MF's? Und was macht man dagegen?

Bin dankbar für Euer Feedback.

Gruss,

Retaliator

...der eigentlich nur seine Ruhe haben moechte.

---------------------------------------------------
ANHANG

(sorry, er ist LANG)

Norton Internet Security Version 4.0
21.05.2004 20:05 (Westeuropäische Normalzeit)
Firewall Event Log
21.05.2004 20:05:32 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.88.187.240,epmap(135))
21.05.2004 20:05:29 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.88.187.240,epmap(135))
21.05.2004 20:05:02 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.160.102,epmap(135))
21.05.2004 20:04:59 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.160.102,epmap(135))
21.05.2004 20:04:42 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.231.52.62,epmap(135))
21.05.2004 20:04:40 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.231.52.62,epmap(135))
21.05.2004 20:03:52 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.234.58,epmap(135))
21.05.2004 20:03:49 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.234.58,epmap(135))
21.05.2004 20:03:27 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.82.207,epmap(135))
21.05.2004 20:03:24 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.82.207,epmap(135))
21.05.2004 20:02:59 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 20:02:56 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.123.220,epmap(135))
21.05.2004 20:02:49 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.8.227.113,epmap(135))
21.05.2004 20:02:47 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 20:02:44 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 20:02:41 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 20:02:38 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 20:02:35 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (81.38.227.93,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (81.38.227.93,3704)
Process name is "N/A"
21.05.2004 20:02:35 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 20:02:32 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 20:02:26 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 20:02:23 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 20:02:23 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 20:02:20 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 20:02:17 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 20:02:14 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 20:02:08 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 20:02:02 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 20:01:59 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 20:01:30 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.51.31,epmap(135))
21.05.2004 20:01:29 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.16.88,epmap(135))
21.05.2004 20:01:27 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.51.31,epmap(135))
21.05.2004 20:01:26 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.16.88,epmap(135))
21.05.2004 20:00:54 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.231.222.64,epmap(135))
21.05.2004 20:00:52 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.116.33,epmap(135))
21.05.2004 20:00:51 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.231.222.64,epmap(135))
21.05.2004 20:00:49 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.116.33,epmap(135))
21.05.2004 20:00:38 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.227.99.18,epmap(135))
21.05.2004 20:00:38 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.129.188.25,4662)
21.05.2004 20:00:35 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.227.99.18,epmap(135))
21.05.2004 20:00:29 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.232.212,epmap(135))
21.05.2004 20:00:27 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.233.183,epmap(135))
21.05.2004 20:00:26 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.232.212,epmap(135))
21.05.2004 20:00:26 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.129.188.25,4662)
21.05.2004 20:00:20 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.129.188.25,4662)
21.05.2004 20:00:17 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.129.188.25,4662)
21.05.2004 19:59:46 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:59:34 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:59:28 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:59:26 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (61.55.193.89,http(80))
21.05.2004 19:59:25 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:59:21 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.141.223.83,4662)
21.05.2004 19:59:20 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (61.55.193.89,http(80))
21.05.2004 19:59:17 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (61.55.193.89,http(80))
21.05.2004 19:59:09 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.141.223.83,4662)
21.05.2004 19:59:07 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (218.171.65.201,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (218.171.65.201,4350)
Process name is "N/A"
21.05.2004 19:59:00 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (218.171.65.201,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (218.171.65.201,4350)
Process name is "N/A"
21.05.2004 19:59:00 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.141.223.83,4662)
21.05.2004 19:58:58 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.185.100,epmap(135))
21.05.2004 19:58:57 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (218.171.65.201,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (218.171.65.201,4350)
Process name is "N/A"
21.05.2004 19:58:57 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (81.210.39.42,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (81.210.39.42,2867)
Process name is "N/A"
21.05.2004 19:58:55 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.185.100,epmap(135))
21.05.2004 19:58:52 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.47.72,epmap(135))
21.05.2004 19:58:51 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (81.210.39.42,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (81.210.39.42,2867)
Process name is "N/A"
21.05.2004 19:58:49 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.47.72,epmap(135))
21.05.2004 19:58:48 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (81.210.39.42,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (81.210.39.42,2867)
Process name is "N/A"
21.05.2004 19:58:09 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.160.102,epmap(135))
21.05.2004 19:58:06 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.160.102,epmap(135))
21.05.2004 19:57:45 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.16.243,epmap(135))
21.05.2004 19:57:42 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.16.243,epmap(135))
21.05.2004 19:57:39 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.250.240,epmap(135))
21.05.2004 19:57:18 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.29.116,epmap(135))
21.05.2004 19:57:15 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.29.116,epmap(135))
21.05.2004 19:56:39 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.29.68,epmap(135))
21.05.2004 19:56:36 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.29.68,epmap(135))
21.05.2004 19:56:19 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:56:12 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.155.216,epmap(135))
21.05.2004 19:56:09 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.155.216,epmap(135))
21.05.2004 19:56:07 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:56:01 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:55:58 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:55:58 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:55:46 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:55:43 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (221.127.153.201,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (221.127.153.201,1683)
Process name is "N/A"
21.05.2004 19:55:40 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:55:37 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:55:37 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (221.127.153.201,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (221.127.153.201,1683)
Process name is "N/A"
21.05.2004 19:55:34 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (221.127.153.201,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (221.127.153.201,1683)
Process name is "N/A"
21.05.2004 19:55:18 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.226.91.211,epmap(135))
21.05.2004 19:55:15 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.226.91.211,epmap(135))
21.05.2004 19:55:07 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.224.121,epmap(135))
21.05.2004 19:55:04 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.224.121,epmap(135))
21.05.2004 19:54:49 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:54:37 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:54:31 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:54:28 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:53:37 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.180.14,4662)
21.05.2004 19:53:25 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.180.14,4662)
21.05.2004 19:53:19 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.180.14,4662)
21.05.2004 19:53:16 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.180.14,4662)
21.05.2004 19:52:43 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:52:31 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:52:25 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:52:22 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:52:18 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:52:06 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:52:00 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:51:57 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:51:35 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:51:23 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:51:17 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:51:14 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:50:48 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.53.113.4,4662)
21.05.2004 19:50:39 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.15.86,epmap(135))
21.05.2004 19:50:39 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:50:36 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.53.113.4,4662)
21.05.2004 19:50:33 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.159.210,epmap(135))
21.05.2004 19:50:30 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.53.113.4,4662)
21.05.2004 19:50:27 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.53.113.4,4662)
21.05.2004 19:50:27 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:50:21 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:50:18 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:50:05 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (210.23.171.116,socks(1080))
21.05.2004 19:50:02 Supervisor An instance of "C:\Programme\Internet Explorer\iexplore.exe" is preparing to access the Internet for the first time
21.05.2004 19:49:15 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.250.240,epmap(135))
21.05.2004 19:49:12 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.250.240,epmap(135))
21.05.2004 19:49:05 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:48:53 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:48:47 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:48:45 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:48:18 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.23.58.6,4662)
21.05.2004 19:48:06 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.23.58.6,4662)
21.05.2004 19:48:00 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.23.58.6,4662)
21.05.2004 19:47:57 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.23.58.6,4662)
21.05.2004 19:47:28 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:47:16 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:47:10 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:47:07 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:47:05 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.119.56,epmap(135))
21.05.2004 19:47:02 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.119.56,epmap(135))
21.05.2004 19:46:54 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.201.135,epmap(135))
21.05.2004 19:46:51 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.201.135,epmap(135))
21.05.2004 19:46:49 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.23.58.6,4662)
21.05.2004 19:46:46 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (217.232.231.215,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (217.232.231.215,2707)
Process name is "N/A"
21.05.2004 19:46:40 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (217.232.231.215,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (217.232.231.215,2707)
Process name is "N/A"
21.05.2004 19:46:37 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.23.58.6,4662)
21.05.2004 19:46:37 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (217.232.231.215,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (217.232.231.215,2707)
Process name is "N/A"
21.05.2004 19:46:31 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.23.58.6,4662)
21.05.2004 19:46:28 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.23.58.6,4662)
21.05.2004 19:46:25 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.203.176,epmap(135))
21.05.2004 19:46:22 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.203.176,epmap(135))
21.05.2004 19:46:18 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:46:06 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:46:00 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:45:57 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:44:56 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:44:44 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:44:38 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:44:35 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:43:48 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.255.128.141,epmap(135))
21.05.2004 19:42:43 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:42:31 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:42:25 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:42:22 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:42:11 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.62.68,epmap(135))
21.05.2004 19:42:08 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.62.68,epmap(135))
21.05.2004 19:42:04 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.152.117,epmap(135))
21.05.2004 19:42:01 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.152.117,epmap(135))
21.05.2004 19:41:37 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:41:30 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.23.215,4662)
21.05.2004 19:41:25 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:41:19 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:41:18 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.23.215,4662)
21.05.2004 19:41:16 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:41:12 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.23.215,4662)
21.05.2004 19:41:09 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.23.215,4662)
21.05.2004 19:40:47 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.4.162.104,epmap(135))
21.05.2004 19:40:47 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.152.153,epmap(135))
21.05.2004 19:40:44 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.4.162.104,epmap(135))
21.05.2004 19:40:44 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.152.153,epmap(135))
21.05.2004 19:40:36 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (195.36.131.181,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (195.36.131.181,2415)
Process name is "N/A"
21.05.2004 19:40:30 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (195.36.131.181,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (195.36.131.181,2415)
Process name is "N/A"
21.05.2004 19:40:28 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (195.36.131.181,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (195.36.131.181,2415)
Process name is "N/A"
21.05.2004 19:40:01 Supervisor An instance of "C:\Programme\Internet Explorer\iexplore.exe" is preparing to access the Internet for the first time
21.05.2004 19:39:35 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:39:23 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:39:17 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:39:14 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:39:06 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (195.3.87.74,4662)
21.05.2004 19:38:54 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (195.3.87.74,4662)
21.05.2004 19:38:54 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.45.31,epmap(135))
21.05.2004 19:38:51 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.45.31,epmap(135))
21.05.2004 19:38:50 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.156.85,epmap(135))
21.05.2004 19:38:48 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (195.3.87.74,4662)
21.05.2004 19:38:47 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.156.85,epmap(135))
21.05.2004 19:38:45 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.206.218,epmap(135))
21.05.2004 19:38:45 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (195.3.87.74,4662)
21.05.2004 19:38:41 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.206.218,epmap(135))
21.05.2004 19:38:32 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.141.223.83,4662)
21.05.2004 19:38:24 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:38:20 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.141.223.83,4662)
21.05.2004 19:38:13 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.141.223.83,4662)
21.05.2004 19:38:12 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:38:10 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.141.223.83,4662)
21.05.2004 19:38:06 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:38:04 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:37:45 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (62.43.129.39,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (62.43.129.39,2579)
Process name is "N/A"
21.05.2004 19:37:41 Supervisor Rule "Default Block Microsoft Windows 2000 SMB" blocked (62.43.129.39,microsoft-ds(445)). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),microsoft-ds(445))
Remote address,service is (62.43.129.39,2579)
Process name is "N/A"
21.05.2004 19:37:15 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.160.22,epmap(135))
21.05.2004 19:37:13 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.160.22,epmap(135))
21.05.2004 19:36:36 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.37.231,epmap(135))
21.05.2004 19:36:36 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.37.231,epmap(135))
21.05.2004 19:36:33 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.37.231,epmap(135))
21.05.2004 19:36:33 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.37.231,epmap(135))
21.05.2004 19:36:27 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (203.205.150.93,http(80))
21.05.2004 19:36:25 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.85.78.98,4662)
21.05.2004 19:36:21 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (203.205.150.93,http(80))
21.05.2004 19:36:19 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.85.78.98,4662)
21.05.2004 19:36:18 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (203.205.150.93,http(80))
21.05.2004 19:36:17 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:36:16 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.85.78.98,4662)
21.05.2004 19:36:10 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.201.133,epmap(135))
21.05.2004 19:36:07 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.201.133,epmap(135))
21.05.2004 19:36:05 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:35:59 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:35:56 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:35:44 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (222.136.72.131,socks(1080))
21.05.2004 19:35:38 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (222.136.72.131,socks(1080))
21.05.2004 19:35:35 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (222.136.72.131,socks(1080))
21.05.2004 19:35:34 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.162.108,epmap(135))
21.05.2004 19:35:31 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.162.108,epmap(135))
21.05.2004 19:34:29 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.10.1,epmap(135))
21.05.2004 19:34:26 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.10.1,epmap(135))
21.05.2004 19:33:42 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.138.88,epmap(135))
21.05.2004 19:33:39 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.138.88,epmap(135))
21.05.2004 19:32:56 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.143.202,epmap(135))
21.05.2004 19:32:53 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.143.202,epmap(135))
21.05.2004 19:32:33 Supervisor An instance of "C:\Programme\Microsoft Office\Office\OUTLOOK.EXE" is preparing to access the Internet for the first time
21.05.2004 19:32:29 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:32:23 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:32:20 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:32:20 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.141.127,epmap(135))
21.05.2004 19:32:17 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.141.127,epmap(135))
21.05.2004 19:31:28 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.160.22,epmap(135))
21.05.2004 19:31:25 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.160.22,epmap(135))
21.05.2004 19:30:56 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:30:48 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.180.14,4662)
21.05.2004 19:30:44 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:30:38 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:30:36 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.180.14,4662)
21.05.2004 19:30:35 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:30:31 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.161.133,epmap(135))
21.05.2004 19:30:30 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.180.14,4662)
21.05.2004 19:30:28 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.161.133,epmap(135))
21.05.2004 19:30:27 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (212.202.180.14,4662)
21.05.2004 19:30:21 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:30:16 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:30:09 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:30:04 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:30:04 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.227.244.33,epmap(135))
21.05.2004 19:30:03 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:30:00 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:29:58 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:29:55 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:29:21 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:29:09 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:29:03 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:29:00 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (213.39.181.205,4662)
21.05.2004 19:27:53 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (81.10.169.34,4662)
21.05.2004 19:27:43 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:27:41 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (81.10.169.34,4662)
21.05.2004 19:27:39 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.231.123.28,epmap(135))
21.05.2004 19:27:36 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.231.123.28,epmap(135))
21.05.2004 19:27:32 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (81.10.169.34,4662)
21.05.2004 19:27:31 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:27:25 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:27:22 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.145.236,4662)
21.05.2004 19:26:51 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.231.38.51,epmap(135))
21.05.2004 19:26:48 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.231.38.51,epmap(135))
21.05.2004 19:26:47 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.133.20.173,epmap(135))
21.05.2004 19:26:44 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.133.20.173,epmap(135))
21.05.2004 19:26:39 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.231.69,epmap(135))
21.05.2004 19:26:36 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.231.69,epmap(135))
21.05.2004 19:26:30 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.81.26.4,epmap(135))
21.05.2004 19:26:27 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.81.26.4,epmap(135))
21.05.2004 19:26:17 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:26:05 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:26:03 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.138.68.182,5110)
21.05.2004 19:25:57 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.138.68.182,5110)
21.05.2004 19:25:56 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:25:54 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.138.68.182,5110)
21.05.2004 19:25:22 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.228.89,epmap(135))
21.05.2004 19:25:19 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.228.89,epmap(135))
21.05.2004 19:25:18 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.45.178,4662)
21.05.2004 19:25:10 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.151.43,epmap(135))
21.05.2004 19:25:01 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.45.178,4662)
21.05.2004 19:24:49 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.45.178,4662)
21.05.2004 19:24:48 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.172.213,epmap(135))
21.05.2004 19:24:43 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.45.178,4662)
21.05.2004 19:24:40 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.45.178,4662)
21.05.2004 19:24:19 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.13.63,epmap(135))
21.05.2004 19:24:16 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.13.63,epmap(135))
21.05.2004 19:23:33 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:23:21 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:23:18 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.231.34.184,epmap(135))
21.05.2004 19:23:15 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.231.34.184,epmap(135))
21.05.2004 19:23:12 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.230.232.222,4662)
21.05.2004 19:23:03 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.10.140,epmap(135))
21.05.2004 19:23:00 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.10.140,epmap(135))
21.05.2004 19:22:58 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.42.115,epmap(135))
21.05.2004 19:22:57 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.9.63,epmap(135))
21.05.2004 19:22:55 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.42.115,epmap(135))
21.05.2004 19:22:54 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.9.63,epmap(135))
21.05.2004 19:22:54 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.37.105,epmap(135))
21.05.2004 19:22:40 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:22:38 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.9.63,epmap(135))
21.05.2004 19:22:35 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.9.63,epmap(135))
21.05.2004 19:22:35 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.125.105,epmap(135))
21.05.2004 19:22:32 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.125.105,epmap(135))
21.05.2004 19:22:28 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:22:22 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:22:19 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (143.50.212.142,4662)
21.05.2004 19:22:19 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.31.131,epmap(135))
21.05.2004 19:22:17 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.31.131,epmap(135))
21.05.2004 19:22:16 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.31.131,epmap(135))
21.05.2004 19:22:14 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.31.131,epmap(135))
21.05.2004 19:22:06 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.70.78,epmap(135))
21.05.2004 19:22:03 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.229.70.78,epmap(135))
21.05.2004 19:21:30 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.131.238,epmap(135))
21.05.2004 19:21:27 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.225.131.238,epmap(135))
21.05.2004 19:21:24 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.191.50,epmap(135))
21.05.2004 19:21:22 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.191.50,epmap(135))
21.05.2004 19:20:50 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.174.176,epmap(135))
21.05.2004 19:20:47 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.174.176,epmap(135))
21.05.2004 19:20:39 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.21.85,epmap(135))
21.05.2004 19:20:37 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (81.10.169.34,4662)
21.05.2004 19:20:36 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.21.85,epmap(135))
21.05.2004 19:20:27 Supervisor Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (4.15.98.126,27374). Details:
Inbound TCP connection
Local address,service is (GEORG(217.232.117.170),27374)
Remote address,service is (4.15.98.126,2999)
Process name is "N/A"
21.05.2004 19:20:27 Supervisor Intrusion attempt detected from address 4.15.98.126 by rule "Default Block Backdoor/SubSeven Trojan horse".
Blocked further access for 30 minutes.
21.05.2004 19:20:25 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (81.10.169.34,4662)
21.05.2004 19:20:19 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (81.10.169.34,4662)
21.05.2004 19:20:14 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:20:14 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.157.18,epmap(135))
21.05.2004 19:20:11 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.232.157.18,epmap(135))
21.05.2004 19:20:09 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.129.188.25,4662)
21.05.2004 19:20:02 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:19:59 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:19:57 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.129.188.25,4662)
21.05.2004 19:19:56 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:19:54 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.130.31.232,4662)
21.05.2004 19:19:51 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.129.188.25,4662)
21.05.2004 19:19:48 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (80.129.188.25,4662)
21.05.2004 19:19:47 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:19:41 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:19:38 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (82.82.80.131,4662)
21.05.2004 19:19:16 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.86.4.126,epmap(135))
21.05.2004 19:19:13 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.86.4.126,epmap(135))
21.05.2004 19:17:56 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:17:44 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:17:38 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:17:36 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.132.193.33,epmap(135))
21.05.2004 19:17:36 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.228.202.31,epmap(135))
21.05.2004 19:17:35 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (84.129.14.60,4662)
21.05.2004 19:17:34 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.224.135.57,epmap(135))
21.05.2004 19:17:33 Supervisor Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (217.132.193.33,epmap(135))
21.05.2004 19:17:33 Supervisor Unused port blocking ha
Seitenanfang Seitenende
21.05.2004, 20:50
joschi
Moderator
Avatar joschi

Beiträge: 6466
#2 Alles in Butter !
Ursache 1: P2P-Netzwerke (klassisch für das e-donkey-netzwerk, 4662)
Ursache 2: diverse kursierende Würmer, die sich über Windwos-Schwachstellen verbreiten. z.B. 445, 135
Summa Summarum : Kein Anlass zur Sorge.
Evtl kannst Du NIS ja dazu bewegen, den Zugriff auf bestimmte Ports nicht mehr zu loggen. Es sein denn Du willst Statistik führen ;) .
__________
Durchsuchen --> Aussuchen --> Untersuchen
Seitenanfang Seitenende
21.05.2004, 22:29
retaliator
...neu hier

Themenstarter

Beiträge: 9
#3 Hallo Joschi!

Vielen Dank fuer die schnelle Antwort.

Ich bin kein "Experte", aber das heute kam mir irgendwie viel vor. Normal sind in meinem Log ca. 10-40 Alerts am Tag, je nach Tag...

Aber hier kam ploetzlich alle 3-10 Sekunden einer. Und alles Dinge, die vom Firewall ernst genommen wurden, wie er durch das "Brennende Wand"-Logo kundtat. Da wurde ich natürlich schon wach...

Du hast davon sicherlich mehr Ahnung als ich. Wenn Du sagst es ist OK, dann geh' ich jetzt pennen.

Vielen Dank nochmal,

Retaliator

... der eine anstrengende Woche OHNE Feiertag hinter sich hat.
Seitenanfang Seitenende
22.05.2004, 08:51
joschi
Moderator
Avatar joschi

Beiträge: 6466
#4 Hoffe Du hast gut geruht ! ;)
Das Phänomen, dass die Zugriffe im Sekundentakt registriert werden hat folgende Ursache !
Die bei der Einwahl deinem PC zugeordnetet IP-Adresse hatte kurz zuvor jemand, der (in diesem Fall) auf Port 4662 ein Filesharing-Programm am laufen hatte. Das kann auch mit anderen Ports (meist über 4xxx) auftreten.
__________
Durchsuchen --> Aussuchen --> Untersuchen
Seitenanfang Seitenende
22.05.2004, 11:28
retaliator
...neu hier

Themenstarter

Beiträge: 9
#5 Hallo Joschi!

Schlafkur beendet, und hat gut getan.

Ist ja interessant was Du/Ihr so rausfinden könnt... und gut zu wissen, dass es so jemand gibt. Dann dachten die also, ich wäre Teilnehmer einer Musiktauschboerse oder sowas. Das sehe ich natuerlich von hier aus nicht, ich sah nur die vielen Zugriffe.

OK, die Akte kann dann wohl geschlossen werden. Nochmals vielen Dank fuer Deine Nachforschungen.

Viele Gruesse,

Retaliator
Seitenanfang Seitenende
16.10.2004, 16:12
retaliator
...neu hier

Themenstarter

Beiträge: 9
#6 Hallo nochmal!

Ich wollte mich noch mal melden und vielleicht auch mal was nützliches beitragen. So als Gegenleistung.

Weiter oben hatte ich ja geschrieben, daß ich so ein "Grundrauschen" von 10-40 Alerts pro Tag hatte, je nach Tag. (Mittelwert von ca. einem Jahr.) Joschi hatte klargestellt, daß auch ein Trommelfeuer von Alerts wie das was mich aufschreckte nicht mit einer tatsächlichen Gefahr einher gehen muß.

Aber was haltet Ihr davon, daß jetzt nur noch so ein bis zwei im Monat kommen? Drastische Abnahme. Aber wo nix gemeldet wird, da versucht auch keiner was.

Wohlgemerkt: an der Firewall habe ich GARNIX verstellt. (Joschi meinte ja, ich solle ihr einfach das Loggen von allem und jedem abgewöhnen.) Und kaputt oder gehackt ist sie auch nicht. GRC und Pcflank finden jedenfalls keine Schwachstellen, die anderen zig Test-Sites die man bei Euch findet, hab' ich mir gespart.

Es muß nicht unbedingt was mit dem obigen zu tun haben, aber die folgenden Dinge HABE ich verändert:

1) Mozilla Firefox 0.9.3 statt IE. Ich will keine Eulen nach Athen tragen, aber u.a. ist sein PopUp-Blocker besser als der von Symantec. Mit Symantec allein geht schon mal ein leeres Fenster auf, mit Firefox kommt garnix mehr. Endlich.

2) Die komische T-Online Software durch Einrichtung einer einfachen Dialup-Verbindung ersetzt. Mit der kann Ami-Software wie die von Symantec vielleicht besser umgehen. Schneller gehts allemal, wenn man nicht erst dieses Software-Paket starten muß um zu surfen.

Wie das mit der Dialup-Connection geht, findet sich für alle Windows-Versionen hier:

http://www.hilfe1a.de/

(A' propos "komische T-Online Software"... die neueste Version generiert unter XP für T-DSL eine Verbindung namens "TOSW-internal Settings". Das Häkchen bei "Internetverbindungsfirewall" ist dort NICHT gesetzt. Also wer garkeine Firewall hat, der sollte vielleicht wenigstens dieses Häkchen mal setzen. Die reguläre T-Online Software funktioniert dann weiter - nur wohl etwas sicherer.)

3) Siehe c't Nr. 15, 2004: "Windows Wasserdicht". Einrichtung eines Accounts mit minimalen Rechten, alle seine Installationsmöglichkeiten mit dem c't-Programm "Kafu" entziehen. Von da aus geht nur surfen, sonst nix. Dient nur zum surfen in "unsicheren Gegenden". Selbst wenn da eine Seite was enthält, was Symantec noch nicht kannte - mit DEN Rechten kannste nix sehen und nix machen. Oder sehe ich da was falsch?

Auf die in der c't beschriebene Einrichtung von Sonderrechten für Programme die da so nicht laufen wollen (irgendwie mit "runas /blabla etc") habe ich bewußt verzichtet. Dialup-Verbindung, Firefox und Standardprogramme wie Word gehen - das reicht. T-Online 5 geht nicht - aber wer braucht das. So wird das Admin-Paßwort während der sicheren Sitzung nie verwendet - und auch nix gestartet, was Admin-rechte hat.

So, genug für heute. Ich hoffe, da war für jemand was nützliches dabei.


Grüße,

retaliator
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1