Every day I get an email log from my firewall, and every day its the same thing.
Mon, 12/08/2003 15:34:37 - TCP connection dropped - Source:69.17.176.156, 4518, WAN - Destination:XXX.XXX.XXX.XXX, 135, LAN - 'Suspicious TCP Data'"
The first two octets of the IP are always 69.17, but the last two are usually different. The ports are always high numbers between 1200 and 4600. It always tries the same thing, port 135 (the RPC port, which was exploited by the Blaster worm). A WHOIS on these IP's show they are all from Aurora Cable Internet.
Is there something I can do about this? Nothing is getting through because of the firewall, but it's getting annoying having the logs filled up with this.
Mon, 12/08/2003 15:34:37 - TCP connection dropped - Source:69.17.176.156, 4518, WAN - Destination:XXX.XXX.XXX.XXX, 135, LAN - 'Suspicious TCP Data'"
The first two octets of the IP are always 69.17, but the last two are usually different. The ports are always high numbers between 1200 and 4600. It always tries the same thing, port 135 (the RPC port, which was exploited by the Blaster worm). A WHOIS on these IP's show they are all from Aurora Cable Internet.
Is there something I can do about this? Nothing is getting through because of the firewall, but it's getting annoying having the logs filled up with this.
Facebook
Twitter