question for dodger
  1. #1

    I installed yahoo messenger yesterday. The only person I've used it with so far is sara and she is the only person on my list.

    This morning when I came online, just after yahoo messenger loaded itself, I had an attack that my norton picked up as being a Welchia_ICMP_Scan attack. This is what the Norton site says about it:

    "This event indicates the Welchia worm is making ICMP echo requests or is receiving replies.
    The Welchia worm checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.

    "Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.

    "If a blended threat exploits one or more network services, disable or block access to those services until a patch is applied.

    "Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services."

    I'm thinking this attack is originating in Yahoo somewhere. I know it's not coming from Sara (her pure evil genius is directed at other areas) but do you think the Yahoo network could be the source? And if so, is the only way to not get these attacks to turn off Messenger when I'm not using it?

  2. #2

    Hi Gabe, me again, lucky you. I've had another attack. This time it's the doom trojan horse virus from Dallas, Texas. This is what my Norton program tells me about the person who sent it. I've even got their phone #!:

    OrgID: TPCM
    CustName: ThePlanet.com Internet Services, Inc.
    Street: 1333 North Stemmons Freeway
    Street: Suite 110
    City: Dallas
    StateProv: TX
    Country: US
    PostalCode: 75207
    RegDate: 1999-08-31
    Updated: 2004-05-07
    ReferralServer: rwhois://rwhois.theplanet.com:4321
    OrgAbuseHandle: ABUSE271-ARIN
    OrgAdminHandle: CROSB-ARIN
    OrgNOCHandle: TECHN33-ARIN
    OrgTechHandle: TECHN33-ARIN

    NetHandle: NET-67-18-0-0-1
    OrgID: TPCM
    Parent: NET-67-0-0-0-0
    NetName: NETBLK-THEPLANET-BLK-11
    NetRange: 67.18.0.0 - 67.19.255.255
    NetType: allocation
    RegDate: 2004-03-15
    Updated: 2004-07-29
    NameServer: NS1.THEPLANET.COM
    NameServer: NS2.THEPLANET.COM
    TechHandle: PP46-ARIN

    TechHandle: PP46-ARIN
    TechName: Pathos, Peter
    TechPhone: +1-214-782-7800
    TechEmail: [email protected]

    OrgAbuseHandle: ABUSE271-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-214-782-7802
    OrgAbuseEmail: [email protected]

    OrgTechHandle: TECHN33-ARIN
    OrgTechName: Technical Support
    OrgTechPhone: +1-214-782-7800
    OrgTechEmail: [email protected]

    OrgAdminHandle: CROSB-ARIN
    OrgAdminName: Crosby, Lance
    OrgAdminPhone: +1-214-800-6008
    OrgAdminEmail: [email protected]

    OrgNOCHandle: TECHN33-ARIN
    OrgNOCName: Technical Support
    OrgNOCPhone: +1-214-782-7800
    OrgNOCEmail: [email protected]

    I got this a few moments after I opened Yahoo again. I'm fully up to date with my patches and virus upgrades, plus I have my firewall up, so I doubt anything will get through. Should I be doing anything else?

  3. #3
    Gabe (Unix Ninja)

    The Planet is a hosting company.
    They have a data center where they host servers like ours. They probably have several thousand servers with different IPs.
    Do you have the IP of the computer that is attacking you? My guess is that they might have a server that is doing a DoS attack (Denial of Service attack).

    If your firewall is blocking the attack I would not worry about it.
    When you run a scan on your computer does it come up with any viruses?

  5. #4

    Nope, no viruses, so I guess all my security is doing its job. I do have the IP of the computer sending the attack but I guess that if it's not getting through it's not worth doing anything. Not that I could anyway.

    Thanks, Gabe.

  6. #5
    Gabe (Unix Ninja)

    If you find the warning annoying, you can disable the warning, I believe.

    You might want to check the documentation or do a search on Google on the subject.
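
The WHOIS record quoted in post #2 names a netblock and an abuse contact, which is what is needed to confirm that a blocked source address belongs to that provider and to know where a report would go. The following is an added example, not part of the original thread; the function names are hypothetical and the two sample IP addresses are constructed.

```python
import ipaddress

# Excerpt of the WHOIS record quoted in post #2 (values copied from the thread).
WHOIS_TEXT = """\
OrgID: TPCM
CustName: ThePlanet.com Internet Services, Inc.

NetHandle: NET-67-18-0-0-1
NetName: NETBLK-THEPLANET-BLK-11
NetRange: 67.18.0.0 - 67.19.255.255

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-782-7802
"""

def parse_whois(text):
    """Split a record into blank-line-separated blocks of {key: value}."""
    blocks, current = [], {}
    for raw in text.splitlines() + [""]:       # trailing "" flushes the last block
        line = raw.strip()
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            current[key.strip()] = value.strip()  # a repeated key keeps its last value
        elif not line and current:             # blank line ends the current block
            blocks.append(current)
            current = {}
    return blocks

def find_block(blocks, key):
    """Return the first block that carries the given key, or None."""
    return next((b for b in blocks if key in b), None)

def net_bounds(blocks):
    """Return (first, last) address of the record's NetRange line."""
    block = find_block(blocks, "NetRange")
    if block is None:
        raise ValueError("record has no NetRange line")
    low, high = (ipaddress.ip_address(p.strip()) for p in block["NetRange"].split("-"))
    return low, high

def in_net_range(ip, blocks):
    low, high = net_bounds(blocks)
    return low <= ipaddress.ip_address(ip) <= high

def range_as_cidrs(blocks):
    """CIDR form of NetRange, the notation most firewall rules expect."""
    return [str(n) for n in ipaddress.summarize_address_range(*net_bounds(blocks))]

if __name__ == "__main__":
    blocks = parse_whois(WHOIS_TEXT)
    for ip in ("67.18.44.10", "67.20.0.1"):    # constructed sample addresses
        print(ip, "inside" if in_net_range(ip, blocks) else "outside", "NetRange")
    print(range_as_cidrs(blocks), find_block(blocks, "OrgAbusePhone"))
```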
